
google keeps redirecting to happili.com and others


  • This topic is locked
16 replies to this topic

#1 Timzzilla

Timzzilla

  • Members
  • 8 posts

Posted 21 April 2012 - 10:31 PM

When I do a search and click a link, most of the time I get redirected to sites, i.e. happili.com, addedsuccess.com, click.get-answers-fast.com, askthecrew.net, among others. This doesn't happen every time, but every 2nd or 3rd click.

Here is my dds.txt, attach.txt, and ark.txt files.

Any help is appreciated.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
Run by Tim at 20:22:32 on 2012-04-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.655 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
c:\program files\dvrmstoolbox\dvrmsfilewatcherservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {93935F7F-9C88-42F8-8445-95251D27FABC} - No File
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Video Downloader BHO: {b7cf5c23-ca56-440b-8e87-8e2d05be2113} - c:\program files\videodownloader\VideoDownloader.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Video Downloader: {283b4aa3-1b7a-46e6-b56d-90ef4743fb2c} - c:\program files\videodownloader\VideoDownloader.dll
{0b53eac3-8d69-4b9e-9b19-a37c9a5676a7}
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Anvi Smart Defender] c:\program files\anvisoft\anvi smart defender\ASDTray.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\SOFTWARE
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\SOFTWARE\Classes
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\SOFTWARE\Classes\CLSID
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ProgID
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}\SOFTWARE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}\SOFTWARE\Classes
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}\SOFTWARE\Classes\CLSID
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}\ProgID
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202764989308
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1 216.165.129.158
TCP: Interfaces\{07DAC96B-7FAC-424D-976A-7BA5C184696C} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{07DAC96B-7FAC-424D-976A-7BA5C184696C} : DhcpNameServer = 192.168.0.1 216.165.129.158
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tim\application data\mozilla\firefox\profiles\i2h0kfgn.default\
FF - prefs.js: browser.startup.homepage - www.facebook.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 53677
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\tim\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\tim\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPFxViewer.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avfsmn;avfsmn;c:\windows\system32\drivers\avfsmn.sys [2012-4-13 17704]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\anvisoft\anvi smart defender\ASDSrv.exe [2012-2-3 296232]
R2 avhips;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\drivers\avhips.sys [2012-4-13 23848]
R2 DVRMSFileWatcherService;DVRMSFileWatcherService;c:\program files\dvrmstoolbox\DVRMSFileWatcherService.exe [2008-3-19 20480]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 253600]
S3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys --> c:\windows\system32\drivers\appliand.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-3-3 16512]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\c.tmp --> c:\windows\system32\C.tmp [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-6-16 7808]
.
=============== Created Last 30 ================
.
2012-04-13 19:42:09 23848 ----a-w- c:\windows\system32\drivers\avhips.sys
2012-04-13 19:42:09 17704 ----a-w- c:\windows\system32\drivers\avfsmn.sys
2012-04-13 19:41:56 -------- d-----w- c:\program files\Anvisoft
2012-04-13 19:03:51 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
2012-04-10 03:01:04 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-06 00:11:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-06 00:11:18 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-04-04 13:32:35 -------- d-----w- c:\documents and settings\tim\application data\ProgSense
2012-04-01 02:23:50 -------- d-----w- c:\documents and settings\tim\application data\FixZeroAccess
2012-03-30 03:06:06 335504 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-03-30 01:02:48 -------- d-sha-r- C:\cmdcons
2012-03-30 00:52:10 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-29 06:00:09 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2012-03-29 00:41:31 -------- d-----w- C:\acdca6de73cfe81fa3344dc56f
2012-03-28 13:31:38 215920 ----a-w- c:\windows\system32\muweb.dll
2012-03-28 13:31:38 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-03-28 13:31:37 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-03-28 13:25:46 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-03-28 13:25:46 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2012-04-10 03:01:04 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 00:54:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-03-05 03:29:06 73728 ----a-w- c:\windows\ALCFDRTM.VER
2012-03-05 03:29:06 73728 ----a-w- c:\windows\ALCFDRTM.EXE
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 20:30:26.52 ===============



#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 21 April 2012 - 11:02 PM

Hello Timzzilla,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • Please run the following tools so we can see further what is going on.


1.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

2.
  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

3.
Please download Listparts
Run the tool, click Scan and post the log (Result.txt) it makes.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 Timzzilla

Timzzilla
  • Topic Starter

  • Members
  • 8 posts

Posted 22 April 2012 - 10:21 PM

fireman4it,

Here are the txt files you asked for. When I ran the programs I made no changes, just saved the text files.





aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-22 21:04:57
-----------------------------
21:04:57.919 OS Version: Windows 5.1.2600 Service Pack 3
21:04:57.919 Number of processors: 2 586 0x304
21:04:57.919 ComputerName: YOUR-85A8F7B8EC UserName: Tim
21:05:07.669 Initialize success
21:10:13.872 AVAST engine defs: 12042201
21:10:29.778 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17
21:10:29.778 Disk 0 Vendor: Maxtor_7Y250M0 YAR51HW0 Size: 239372MB BusType: 3
21:10:29.981 Disk 0 MBR read successfully
21:10:29.981 Disk 0 MBR scan
21:10:30.059 Disk 0 Windows XP default MBR code
21:10:30.075 Disk 0 Partition 1 00 12 Compaq diag NTFS 5130 MB offset 63
21:10:30.137 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 234236 MB offset 10506510
21:10:30.184 Disk 0 scanning sectors +490223475
21:10:30.497 Disk 0 scanning C:\WINDOWS\system32\drivers
21:11:53.137 Service scanning
21:12:35.497 Modules scanning
21:13:43.356 Disk 0 trace - called modules:
21:13:43.419 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
21:13:43.419 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f75ab8]
21:13:43.419 3 CLASSPNP.SYS[f7543fd7] -> nt!IofCallDriver -> \Device\00000073[0x86fd3810]
21:13:43.434 5 ACPI.sys[f749a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-17[0x86f36d98]
21:13:48.044 AVAST engine scan C:\WINDOWS
21:15:57.950 AVAST engine scan C:\WINDOWS\system32
21:37:36.091 AVAST engine scan C:\WINDOWS\system32\drivers
21:40:20.122 AVAST engine scan C:\Documents and Settings\Tim
22:47:55.794 AVAST engine scan C:\Documents and Settings\All Users
23:00:12.153 Scan finished successfully
23:02:38.653 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tim\Desktop\MBR.dat"
23:02:38.653 The log file has been saved successfully to "C:\Documents and Settings\Tim\Desktop\aswMBR.txt"




RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Tim [Admin rights]
Mode: Scan -- Date: 04/22/2012 23:07:46

Bad processes: 0

Registry Entries: 6
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver: [LOADED]

Infection :

HOSTS File:
127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: Maxtor 7Y250M0 +++++
--- User ---
[MBR] e6416f849e94744466f43b3cf6daa505
[BSP] c36113eb246b5adeb9425c0aa09cef6d : Windows XP MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 5130 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 10506510 | Size: 234236 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt








ListParts by Farbar Version: 12-03-2012 03
Ran by Tim (administrator) on 22-04-2012 at 23:12:36
Windows XP (X86)
Running From: C:\Documents and Settings\Tim\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 38%
Total physical RAM: 1022.73 MB
Available physical RAM: 628.26 MB
Total Pagefile: 2464.84 MB
Available Pagefile: 1912.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 2005.79 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:228.75 GB) (Free:13.73 GB) NTFS ==>[Drive with boot components (Windows XP)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 234 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 5130 MB 32 KB
Partition 2 Primary 229 GB 5130 MB
======================================================================================================

Disk: 0
Partition 1
Type : 12
Hidden: Yes
Active: No

There is no volume associated with this partition.
======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 229 GB Healthy System (partition with boot components)
======================================================================================================

****** End Of Log ******

#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 22 April 2012 - 10:31 PM

Hello,

Please run the following tools and post their logs along with how your machine is running.

1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


3.
  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Delete
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Things to include in your next reply:
Tdsskiller log
Combofix.txt
Roguekiller log
How is your machine running now?

" Extinguishing Malware from the world"



#5 Timzzilla

Timzzilla
  • Topic Starter

  • Members
  • 8 posts

Posted 23 April 2012 - 08:38 AM

Fireman4it,

I ran TDSSKiller with no problem (the report is pasted below), but when I ran ComboFix I got the error:

Error opening file for writing:

C:\32788R22FWJFW\pv.com

Click Abort to stop the installation,
Retry to try again, or
Ignore to skip this file.


I didn't want to move on until I got your ok.

Here's the TDSSKiller report:



05:57:27.0669 8484 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
05:57:28.0200 8484 ============================================================
05:57:28.0200 8484 Current date / time: 2012/04/23 05:57:28.0200
05:57:28.0200 8484 SystemInfo:
05:57:28.0200 8484
05:57:28.0200 8484 OS Version: 5.1.2600 ServicePack: 3.0
05:57:28.0200 8484 Product type: Workstation
05:57:28.0200 8484 ComputerName: YOUR-85A8F7B8EC
05:57:28.0200 8484 UserName: Tim
05:57:28.0200 8484 Windows directory: C:\WINDOWS
05:57:28.0200 8484 System windows directory: C:\WINDOWS
05:57:28.0200 8484 Processor architecture: Intel x86
05:57:28.0200 8484 Number of processors: 2
05:57:28.0200 8484 Page size: 0x1000
05:57:28.0200 8484 Boot type: Normal boot
05:57:28.0200 8484 ============================================================
05:57:34.0794 8484 Drive \Device\Harddisk0\DR0 - Size: 0x3A70C70000 (233.76 Gb), SectorSize: 0x200, Cylinders: 0x7733, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
05:57:35.0091 8484 \Device\Harddisk0\DR0:
05:57:35.0106 8484 MBR partitions:
05:57:35.0106 8484 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xA0510E, BlocksNum 0x1C97E665
05:57:35.0497 8484 C: <-> \Device\Harddisk0\DR0\Partition0
05:57:35.0544 8484 Initialize success
05:57:35.0544 8484 ============================================================
05:57:47.0231 9088 ============================================================
05:57:47.0231 9088 Scan started
05:57:47.0231 9088 Mode: Manual;
05:57:47.0231 9088 ============================================================
05:58:13.0653 9088 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
05:58:13.0669 9088 Disk - ok
05:58:13.0856 9088 dmadmin - ok
05:58:14.0325 9088 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
05:58:14.0575 9088 dmboot - ok
05:58:14.0887 9088 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
05:58:14.0919 9088 DMICall - ok
05:58:15.0200 9088 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
05:58:15.0247 9088 dmio - ok
05:58:15.0544 9088 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
05:58:15.0544 9088 dmload - ok
05:58:15.0794 9088 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
05:58:15.0809 9088 dmserver - ok
05:58:16.0059 9088 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
05:58:16.0075 9088 DMusic - ok
05:58:16.0309 9088 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
05:58:16.0325 9088 Dnscache - ok
05:58:16.0637 9088 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
05:58:16.0669 9088 Dot3svc - ok
05:58:16.0887 9088 dpti2o - ok
05:58:17.0106 9088 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
05:58:17.0106 9088 drmkaud - ok
05:58:17.0372 9088 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\WINDOWS\system32\DRIVERS\dvd43llh.sys
05:58:17.0372 9088 dvd43llh - ok
05:58:17.0559 9088 DVRMSFileWatcherService (6ace8800317b1e5004af06ae5a6c78dc) c:\program files\dvrmstoolbox\dvrmsfilewatcherservice.exe
05:58:17.0622 9088 DVRMSFileWatcherService - ok
05:58:17.0919 9088 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
05:58:17.0966 9088 E100B - ok
05:58:18.0216 9088 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
05:58:18.0231 9088 EapHost - ok
05:58:18.0528 9088 ehRecvr (63f371f0248e3732a4821f86e6d0e370) C:\WINDOWS\eHome\ehRecvr.exe
05:58:18.0622 9088 ehRecvr - ok
05:58:18.0809 9088 ehSched (16910f8b482919bb6035ed053b691692) C:\WINDOWS\eHome\ehSched.exe
05:58:18.0887 9088 ehSched - ok
05:58:19.0122 9088 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
05:58:19.0122 9088 ERSvc - ok
05:58:19.0434 9088 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
05:58:19.0497 9088 Eventlog - ok
05:58:19.0887 9088 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
05:58:19.0966 9088 EventSystem - ok
05:58:20.0278 9088 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
05:58:20.0325 9088 Fastfat - ok
05:58:20.0622 9088 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
05:58:20.0700 9088 FastUserSwitchingCompatibility - ok
05:58:20.0934 9088 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
05:58:20.0934 9088 Fdc - ok
05:58:21.0184 9088 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
05:58:21.0200 9088 Fips - ok
05:58:21.0419 9088 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
05:58:21.0419 9088 Flpydisk - ok
05:58:21.0700 9088 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
05:58:21.0731 9088 FltMgr - ok
05:58:22.0044 9088 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
05:58:22.0122 9088 FontCache3.0.0.0 - ok
05:58:22.0341 9088 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
05:58:22.0341 9088 Fs_Rec - ok
05:58:22.0653 9088 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
05:58:22.0684 9088 Ftdisk - ok
05:58:22.0950 9088 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
05:58:22.0966 9088 Gpc - ok
05:58:23.0325 9088 HdAudAddService (160b24fd894e79e71c983ea403a6e6e7) C:\WINDOWS\system32\drivers\HdAudio.sys
05:58:23.0356 9088 HdAudAddService - ok
05:58:23.0731 9088 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
05:58:23.0762 9088 HDAudBus - ok
05:58:23.0903 9088 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
05:58:23.0919 9088 helpsvc - ok
05:58:24.0153 9088 HidIr (bb1a6fb7d35a91e599973fa74a619056) C:\WINDOWS\system32\DRIVERS\hidir.sys
05:58:24.0169 9088 HidIr - ok
05:58:24.0419 9088 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
05:58:24.0419 9088 HidServ - ok
05:58:24.0716 9088 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
05:58:24.0716 9088 HidUsb - ok
05:58:24.0981 9088 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
05:58:24.0997 9088 hkmsvc - ok
05:58:25.0231 9088 hpn - ok
05:58:25.0544 9088 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
05:58:25.0559 9088 HPZid412 - ok
05:58:25.0825 9088 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
05:58:25.0841 9088 HPZipr12 - ok
05:58:26.0075 9088 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
05:58:26.0091 9088 HPZius12 - ok
05:58:26.0419 9088 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
05:58:26.0497 9088 HTTP - ok
05:58:26.0809 9088 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
05:58:26.0872 9088 HTTPFilter - ok
05:58:27.0122 9088 i2omgmt - ok
05:58:27.0341 9088 i2omp - ok
05:58:27.0669 9088 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
05:58:27.0684 9088 i8042prt - ok
05:58:28.0278 9088 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
05:58:28.0794 9088 idsvc - ok
05:58:29.0153 9088 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
05:58:29.0169 9088 Imapi - ok
05:58:29.0450 9088 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
05:58:29.0575 9088 ImapiService - ok
05:58:29.0794 9088 ini910u - ok
05:58:30.0778 9088 IntcAzAudAddService (1ed9ac45c69e650d4f12d1114132622b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
05:58:31.0512 9088 IntcAzAudAddService - ok
05:58:31.0809 9088 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
05:58:31.0825 9088 IntelIde - ok
05:58:32.0044 9088 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
05:58:32.0059 9088 intelppm - ok
05:58:32.0309 9088 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
05:58:32.0309 9088 Ip6Fw - ok
05:58:32.0700 9088 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
05:58:32.0700 9088 IpFilterDriver - ok
05:58:32.0934 9088 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
05:58:32.0950 9088 IpInIp - ok
05:58:33.0216 9088 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
05:58:33.0262 9088 IpNat - ok
05:58:33.0559 9088 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
05:58:33.0591 9088 IPSec - ok
05:58:33.0872 9088 IrBus (b43b36b382aea10861f7c7a37f9d4ae2) C:\WINDOWS\system32\DRIVERS\IrBus.sys
05:58:33.0887 9088 IrBus - ok
05:58:34.0122 9088 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
05:58:34.0122 9088 IRENUM - ok
05:58:34.0356 9088 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
05:58:34.0372 9088 isapnp - ok
05:58:34.0716 9088 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe
05:58:34.0794 9088 JavaQuickStarterService - ok
05:58:35.0028 9088 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
05:58:35.0028 9088 Kbdclass - ok
05:58:35.0278 9088 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
05:58:35.0278 9088 kbdhid - ok
05:58:35.0622 9088 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
05:58:35.0669 9088 kmixer - ok
05:58:35.0966 9088 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
05:58:35.0997 9088 KSecDD - ok
05:58:36.0278 9088 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
05:58:36.0309 9088 lanmanserver - ok
05:58:36.0622 9088 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
05:58:36.0669 9088 lanmanworkstation - ok
05:58:36.0762 9088 Lavasoft Kernexplorer - ok
05:58:36.0997 9088 Lbd - ok
05:58:37.0231 9088 lbrtfdc - ok
05:58:37.0481 9088 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
05:58:37.0481 9088 LmHosts - ok
05:58:38.0419 9088 LVcKap (8113133ec42dd6c566908008ce913edd) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
05:58:39.0122 9088 LVcKap - ok
05:58:39.0372 9088 LVCOMSer (9e41266c68c11d7101a2d18cd1f7553e) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
05:58:39.0466 9088 LVCOMSer - ok
05:58:40.0356 9088 LVMVDrv (0dd5b8af4917a2821047450195c511b3) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
05:58:40.0981 9088 LVMVDrv - ok
05:58:41.0247 9088 LVPr2Mon (406b1d186f75b4b4832d6237859e1b00) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
05:58:41.0247 9088 LVPr2Mon - ok
05:58:41.0325 9088 LVPrcSrv (85c2e84bc1224c75a20b5560d5a15db9) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
05:58:41.0403 9088 LVPrcSrv - ok
05:58:41.0481 9088 LVSrvLauncher (656180e9c0c5199520972426c44bc2f0) C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
05:58:41.0575 9088 LVSrvLauncher - ok
05:58:41.0841 9088 LVUSBSta (be5e104be263921d6842c555db6a5c23) C:\WINDOWS\system32\drivers\LVUSBSta.sys
05:58:41.0856 9088 LVUSBSta - ok
05:58:42.0044 9088 MEMSWEEP2 - ok
05:58:42.0309 9088 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
05:58:42.0325 9088 Messenger - ok
05:58:42.0684 9088 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
05:58:42.0716 9088 MHN - ok
05:58:42.0950 9088 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
05:58:42.0950 9088 MHNDRV - ok
05:58:43.0325 9088 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
05:58:43.0434 9088 Microsoft Office Groove Audit Service - ok
05:58:43.0856 9088 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
05:58:43.0856 9088 mnmdd - ok
05:58:44.0106 9088 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
05:58:44.0153 9088 mnmsrvc - ok
05:58:44.0434 9088 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
05:58:44.0450 9088 Modem - ok
05:58:44.0825 9088 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
05:58:44.0825 9088 MODEMCSA - ok
05:58:45.0059 9088 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
05:58:45.0059 9088 Mouclass - ok
05:58:45.0325 9088 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
05:58:45.0341 9088 mouhid - ok
05:58:45.0669 9088 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
05:58:45.0684 9088 MountMgr - ok
05:58:45.0950 9088 mqdmbus (6656fad6569c0d388c2ec76531c9f70f) C:\WINDOWS\system32\DRIVERS\mqdmbus.sys
05:58:45.0981 9088 mqdmbus - ok
05:58:46.0247 9088 mqdmmdfl (d940989fbcece430d27c5e5371208d7e) C:\WINDOWS\system32\DRIVERS\mqdmmdfl.sys
05:58:46.0247 9088 mqdmmdfl - ok
05:58:46.0559 9088 mqdmmdm (ffbd4ff319b989f1ae47a1006acbd592) C:\WINDOWS\system32\DRIVERS\mqdmmdm.sys
05:58:46.0575 9088 mqdmmdm - ok
05:58:46.0872 9088 mqdmserd (c7ad107ca4479478cade0d6aa66b7aca) C:\WINDOWS\system32\DRIVERS\mqdmserd.sys
05:58:46.0903 9088 mqdmserd - ok
05:58:47.0122 9088 mraid35x - ok
05:58:47.0434 9088 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
05:58:47.0497 9088 MRxDAV - ok
05:58:48.0075 9088 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
05:58:48.0481 9088 MRxSmb - ok
05:58:48.0997 9088 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
05:58:49.0075 9088 MSDTC - ok
05:58:49.0434 9088 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
05:58:49.0450 9088 Msfs - ok
05:58:49.0653 9088 MSIServer - ok
05:58:49.0903 9088 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
05:58:49.0903 9088 MSKSSRV - ok
05:58:50.0122 9088 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
05:58:50.0137 9088 MSPCLOCK - ok
05:58:50.0356 9088 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
05:58:50.0372 9088 MSPQM - ok
05:58:50.0637 9088 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
05:58:50.0637 9088 mssmbios - ok
05:58:50.0903 9088 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
05:58:50.0903 9088 MSTEE - ok
05:58:51.0184 9088 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
05:58:51.0216 9088 Mup - ok
05:58:51.0466 9088 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
05:58:51.0497 9088 NABTSFEC - ok
05:58:51.0903 9088 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
05:58:51.0981 9088 napagent - ok
05:58:52.0294 9088 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
05:58:52.0341 9088 NDIS - ok
05:58:52.0606 9088 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
05:58:52.0606 9088 NdisIP - ok
05:58:52.0856 9088 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
05:58:52.0856 9088 NdisTapi - ok
05:58:53.0091 9088 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
05:58:53.0091 9088 Ndisuio - ok
05:58:53.0341 9088 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
05:58:53.0372 9088 NdisWan - ok
05:58:53.0716 9088 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
05:58:53.0731 9088 NDProxy - ok
05:58:54.0012 9088 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
05:58:54.0012 9088 NetBIOS - ok
05:58:54.0309 9088 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
05:58:54.0356 9088 NetBT - ok
05:58:54.0653 9088 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
05:58:54.0731 9088 NetDDE - ok
05:58:54.0762 9088 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
05:58:54.0762 9088 NetDDEdsdm - ok
05:58:54.0981 9088 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
05:58:54.0997 9088 Netlogon - ok
05:58:55.0278 9088 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
05:58:55.0341 9088 Netman - ok
05:58:55.0606 9088 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
05:58:55.0731 9088 NetTcpPortSharing - ok
05:58:55.0997 9088 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
05:58:56.0028 9088 NIC1394 - ok
05:58:56.0325 9088 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
05:58:56.0403 9088 Nla - ok
05:58:56.0653 9088 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
05:58:56.0669 9088 nm - ok
05:58:56.0887 9088 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
05:58:56.0903 9088 Npfs - ok
05:58:57.0309 9088 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
05:58:57.0466 9088 Ntfs - ok
05:58:57.0716 9088 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
05:58:57.0716 9088 NtLmSsp - ok
05:58:58.0091 9088 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
05:58:58.0231 9088 NtmsSvc - ok
05:58:58.0481 9088 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
05:58:58.0512 9088 NuidFltr - ok
05:58:58.0950 9088 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
05:58:58.0966 9088 Null - ok
05:58:59.0247 9088 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
05:58:59.0247 9088 NwlnkFlt - ok
05:58:59.0481 9088 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
05:58:59.0497 9088 NwlnkFwd - ok
05:58:59.0856 9088 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
05:59:00.0231 9088 odserv - ok
05:59:00.0512 9088 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
05:59:00.0544 9088 ohci1394 - ok
05:59:00.0669 9088 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
05:59:00.0762 9088 ose - ok
05:59:01.0044 9088 PalmUSBD (803cf09c795290825607505d37819135) C:\WINDOWS\system32\drivers\PalmUSBD.sys
05:59:01.0044 9088 PalmUSBD - ok
05:59:01.0309 9088 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
05:59:01.0341 9088 Parport - ok
05:59:01.0591 9088 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
05:59:01.0606 9088 PartMgr - ok
05:59:01.0887 9088 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
05:59:01.0887 9088 ParVdm - ok
05:59:02.0137 9088 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
05:59:02.0153 9088 PCI - ok
05:59:02.0372 9088 PCIDump - ok
05:59:02.0731 9088 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
05:59:02.0731 9088 PCIIde - ok
05:59:02.0981 9088 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
05:59:03.0028 9088 Pcmcia - ok
05:59:03.0247 9088 Pcouffin - ok
05:59:03.0466 9088 PDCOMP - ok
05:59:03.0684 9088 PDFRAME - ok
05:59:03.0887 9088 PDRELI - ok
05:59:04.0122 9088 PDRFRAME - ok
05:59:04.0403 9088 pepifilter (0896002d1efcd08859a41c9db34ad84c) C:\WINDOWS\system32\DRIVERS\lv302af.sys
05:59:04.0403 9088 pepifilter - ok
05:59:04.0637 9088 perc2 - ok
05:59:04.0841 9088 perc2hib - ok
05:59:05.0481 9088 PID_PEPI (a7598e897da639e255ad4188fa398478) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
05:59:06.0075 9088 PID_PEPI - ok
05:59:06.0387 9088 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
05:59:06.0419 9088 PlugPlay - ok
05:59:06.0731 9088 Pml Driver HPZ12 (a38b3ce68e7f126190cde4aa3fdf050f) C:\WINDOWS\system32\HPZipm12.exe
05:59:06.0794 9088 Pml Driver HPZ12 - ok
05:59:07.0028 9088 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
05:59:07.0028 9088 PolicyAgent - ok
05:59:07.0309 9088 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
05:59:07.0325 9088 PptpMiniport - ok
05:59:07.0528 9088 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
05:59:07.0544 9088 ProtectedStorage - ok
05:59:07.0794 9088 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
05:59:07.0809 9088 PSched - ok
05:59:08.0106 9088 PSI (450f6bffb97eb5c56c9d9ec1fc07e5f7) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
05:59:08.0106 9088 PSI - ok
05:59:08.0403 9088 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
05:59:08.0419 9088 Ptilink - ok
05:59:08.0762 9088 PxHelp20 (f3a3b00666a40c6914b7b2864f7dc1c0) C:\WINDOWS\system32\Drivers\PxHelp20.sys
05:59:08.0762 9088 PxHelp20 - ok
05:59:08.0981 9088 ql1080 - ok
05:59:09.0216 9088 Ql10wnt - ok
05:59:09.0450 9088 ql12160 - ok
05:59:09.0669 9088 ql1240 - ok
05:59:09.0887 9088 ql1280 - ok
05:59:10.0184 9088 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
05:59:10.0184 9088 RasAcd - ok
05:59:10.0466 9088 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
05:59:10.0497 9088 RasAuto - ok
05:59:10.0731 9088 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
05:59:10.0747 9088 Rasl2tp - ok
05:59:11.0044 9088 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
05:59:11.0106 9088 RasMan - ok
05:59:11.0325 9088 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
05:59:11.0341 9088 RasPppoe - ok
05:59:11.0606 9088 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
05:59:11.0622 9088 Raspti - ok
05:59:11.0919 9088 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
05:59:11.0966 9088 Rdbss - ok
05:59:12.0262 9088 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
05:59:12.0278 9088 RDPCDD - ok
05:59:12.0622 9088 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
05:59:12.0684 9088 rdpdr - ok
05:59:12.0997 9088 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
05:59:13.0028 9088 RDPWD - ok
05:59:13.0294 9088 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
05:59:13.0372 9088 RDSessMgr - ok
05:59:13.0669 9088 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
05:59:13.0684 9088 redbook - ok
05:59:13.0950 9088 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
05:59:13.0981 9088 RemoteAccess - ok
05:59:14.0247 9088 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
05:59:14.0262 9088 RemoteRegistry - ok
05:59:14.0512 9088 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
05:59:14.0653 9088 RpcLocator - ok
05:59:15.0044 9088 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
05:59:15.0169 9088 RpcSs - ok
05:59:15.0497 9088 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
05:59:15.0637 9088 RSVP - ok
05:59:15.0856 9088 RTK - ok
05:59:16.0091 9088 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
05:59:16.0091 9088 SamSs - ok
05:59:16.0231 9088 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
05:59:16.0294 9088 SASDIFSV - ok
05:59:16.0372 9088 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
05:59:16.0387 9088 SASKUTIL - ok
05:59:16.0700 9088 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
05:59:16.0762 9088 SCardSvr - ok
05:59:17.0059 9088 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
05:59:17.0122 9088 Schedule - ok
05:59:17.0434 9088 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
05:59:17.0450 9088 Secdrv - ok
05:59:17.0669 9088 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
05:59:17.0684 9088 seclogon - ok
05:59:17.0887 9088 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
05:59:17.0903 9088 SENS - ok
05:59:18.0169 9088 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
05:59:18.0200 9088 Serial - ok
05:59:18.0434 9088 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
05:59:18.0450 9088 Sfloppy - ok
05:59:18.0778 9088 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
05:59:18.0872 9088 SharedAccess - ok
05:59:19.0137 9088 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
05:59:19.0184 9088 ShellHWDetection - ok
05:59:19.0419 9088 Simbad - ok
05:59:19.0653 9088 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
05:59:19.0669 9088 SLIP - ok
05:59:20.0184 9088 smrt (27d6be8e961ab9df26ec5ce823b68b7f) C:\WINDOWS\system32\DRIVERS\smrt.sys
05:59:20.0419 9088 smrt - ok
05:59:20.0653 9088 SonicStageMonitoring (447af8ef9c114af75e252be2a4e9c4aa) C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
05:59:20.0716 9088 SonicStageMonitoring - ok
05:59:20.0872 9088 Sony TV Tuner Controller (cd1bea0cb0e96b828d225b106cbfb968) C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
05:59:20.0934 9088 Sony TV Tuner Controller - ok
05:59:20.0997 9088 Sony TV Tuner Manager (af35291f72f6cf0915765e44f1045305) C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
05:59:21.0075 9088 Sony TV Tuner Manager - ok
05:59:21.0137 9088 Sony TVTA Manager (efaaeed11aaf285435a0dcfe15047983) C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
05:59:21.0216 9088 Sony TVTA Manager - ok
05:59:21.0591 9088 Sparrow - ok
05:59:21.0825 9088 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
05:59:21.0825 9088 splitter - ok
05:59:22.0091 9088 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
05:59:22.0137 9088 Spooler - ok
05:59:22.0403 9088 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
05:59:22.0419 9088 sr - ok
05:59:22.0716 9088 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
05:59:22.0778 9088 srservice - ok
05:59:23.0122 9088 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
05:59:23.0216 9088 Srv - ok
05:59:23.0450 9088 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
05:59:23.0466 9088 SSDPSRV - ok
05:59:23.0997 9088 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
05:59:24.0137 9088 stisvc - ok
05:59:24.0481 9088 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
05:59:24.0481 9088 streamip - ok
05:59:24.0747 9088 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
05:59:24.0762 9088 swenum - ok
05:59:24.0997 9088 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
05:59:25.0012 9088 swmidi - ok
05:59:25.0216 9088 SwPrv - ok
05:59:25.0450 9088 symc810 - ok
05:59:25.0731 9088 symc8xx - ok
05:59:25.0934 9088 sym_hi - ok
05:59:26.0169 9088 sym_u3 - ok
05:59:26.0403 9088 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
05:59:26.0434 9088 sysaudio - ok
05:59:26.0809 9088 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
05:59:26.0872 9088 SysmonLog - ok
05:59:27.0137 9088 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
05:59:27.0216 9088 TapiSrv - ok
05:59:27.0622 9088 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
05:59:27.0731 9088 Tcpip - ok
05:59:27.0997 9088 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
05:59:27.0997 9088 TDPIPE - ok
05:59:28.0262 9088 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
05:59:28.0262 9088 TDTCP - ok
05:59:28.0512 9088 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
05:59:28.0528 9088 TermDD - ok
05:59:28.0903 9088 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
05:59:28.0997 9088 TermService - ok
05:59:29.0278 9088 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
05:59:29.0325 9088 Themes - ok
05:59:29.0606 9088 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
05:59:29.0731 9088 TlntSvr - ok
05:59:29.0950 9088 TosIde - ok
05:59:30.0184 9088 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
05:59:30.0216 9088 TrkWks - ok
05:59:30.0497 9088 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
05:59:30.0528 9088 Udfs - ok
05:59:30.0747 9088 ultra - ok
05:59:47.0809 9088 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
05:59:48.0122 9088 \Device\Harddisk0\DR0 - ok
05:59:48.0137 9088 Boot (0x1200) (070cf4751b81fa58b66d9279c7f265a8) \Device\Harddisk0\DR0\Partition0
05:59:48.0137 9088 \Device\Harddisk0\DR0\Partition0 - ok
05:59:48.0137 9088 ============================================================
05:59:48.0137 9088 Scan finished
05:59:48.0137 9088 ============================================================
05:59:48.0153 9732 Detected object count: 0
05:59:48.0153 9732 Actual detected object count: 0
05:59:58.0309 9516 Deinitialize success

#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 23 April 2012 - 05:11 PM

Hello,
Delete the copy you have and try this.
Please try to download and run it in Safe Mode.


Now reboot into Safe Mode with Networking.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option with networking support.
Please see here for additional details.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#7 Timzzilla

Timzzilla
  • Topic Starter

  • Members
  • 8 posts

Posted 23 April 2012 - 07:40 PM

Fireman4it,

I ran ComboFix in Safe Mode. Here's a copy of the report. Before reboot it said there was a rootkit in the TCP/IP stack.

I also ran RogueKiller. 6 registry keys were listed but no delete prompt. There's a delete button on the right. Should I delete the entries?



ComboFix 12-04-22.02 - Tim 04/23/2012 19:48:33.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.639 [GMT -4:00]
Running from: c:\documents and settings\Tim\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Tim\Application Data\Mozilla\Firefox\Profiles\i2h0kfgn.default\weave\toFetch
c:\documents and settings\Tim\Application Data\Mozilla\Firefox\Profiles\i2h0kfgn.default\weave\toFetch\clients.json
c:\documents and settings\Tim\Application Data\Mozilla\Firefox\Profiles\i2h0kfgn.default\weave\toFetch\tabs.json
c:\documents and settings\Tim\Application Data\vso_ts_preview.xml
c:\windows\system32\urttemp
c:\windows\system32\urttemp\fusion.dll
c:\windows\system32\urttemp\mscoree.dll
c:\windows\system32\urttemp\mscoree.dll.local
c:\windows\system32\urttemp\mscorsn.dll
c:\windows\system32\urttemp\mscorwks.dll
c:\windows\system32\urttemp\msvcr71.dll
c:\windows\system32\urttemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-24 to 2012-04-24 )))))))))))))))))))))))))))))))
.
.
2012-04-13 19:42 . 2012-01-09 08:26 23848 ----a-w- c:\windows\system32\drivers\avhips.sys
2012-04-13 19:42 . 2012-01-09 08:26 17704 ----a-w- c:\windows\system32\drivers\avfsmn.sys
2012-04-13 19:41 . 2012-04-13 19:41 -------- d-----w- c:\program files\Anvisoft
2012-04-13 19:03 . 2012-04-13 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2012-04-10 03:01 . 2012-04-10 03:01 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-06 00:11 . 2012-04-06 00:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-04-06 00:11 . 2012-04-06 00:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-06 00:11 . 2012-04-06 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-04-05 23:17 . 2012-04-05 23:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\FixTDSS
2012-04-04 13:32 . 2012-04-04 13:32 -------- d-----w- c:\documents and settings\Tim\Application Data\ProgSense
2012-04-01 02:23 . 2012-04-01 02:23 -------- d-----w- c:\documents and settings\Tim\Application Data\FixZeroAccess
2012-03-30 03:06 . 2012-04-01 02:30 335504 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-03-30 00:52 . 2012-03-30 00:52 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-29 06:00 . 2012-03-29 06:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2012-03-29 00:41 . 2012-03-29 05:33 -------- d-----w- C:\acdca6de73cfe81fa3344dc56f
2012-03-28 13:31 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll
2012-03-28 13:31 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-03-28 13:25 . 2012-03-28 13:25 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-10 03:01 . 2011-06-23 00:16 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2010-12-09 23:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 00:54 . 2004-12-01 18:28 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-03-05 03:29 . 2012-03-05 03:29 73728 ----a-w- c:\windows\ALCFDRTM.VER
2012-03-05 03:29 . 2012-03-05 03:29 73728 ----a-w- c:\windows\ALCFDRTM.EXE
2012-02-03 09:22 . 2004-12-01 18:28 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-02-21 12:58 . 2011-03-28 23:26 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-30_02.19.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-12 19:19 . 2009-02-12 19:19 688512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEWEBPLATFORMSERVICES.DLL
+ 2009-03-06 08:33 . 2009-03-06 08:33 961888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEUTIL.DLL
+ 2009-02-14 10:03 . 2009-02-14 10:03 337264 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVE.EXE
+ 2008-11-21 04:48 . 2008-11-21 04:48 116600 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\EMABLT32.DLL
+ 2009-03-06 06:05 . 2009-03-06 06:05 127336 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\CONTAB32.DLL
+ 2008-10-26 10:26 . 2008-10-26 10:26 162680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACCWIZ.DLL
+ 2006-10-26 18:05 . 2006-10-26 18:05 530760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XPAGE3C.DLL
+ 2006-10-27 00:49 . 2006-10-27 00:49 509200 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12CVR.DLL
+ 2009-06-11 02:48 . 2009-06-11 02:48 781104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WORDPIA.DLL
+ 2006-10-27 19:23 . 2006-10-27 19:23 347432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2006-10-26 18:05 . 2006-10-26 18:05 126784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWCUTCHR.DLL
+ 2006-07-28 19:21 . 2006-07-28 19:21 277320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SSGEN.DLL
+ 2006-10-27 01:18 . 2006-10-27 01:18 502608 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SOA.DLL
+ 2006-10-27 00:06 . 2006-10-27 00:06 439600 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SETUP.EXE
+ 2006-10-27 00:13 . 2006-10-27 00:13 503624 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SELFCERT.EXE
+ 2006-10-27 00:55 . 2006-10-27 00:55 272744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST64.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 263520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST32.DLL
+ 2006-10-27 19:16 . 2006-10-27 19:16 408880 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RTFHTML.DLL
+ 2006-10-27 01:42 . 2006-10-27 01:42 744808 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REGFORM.EXE
+ 2006-10-27 00:09 . 2006-10-27 00:09 590144 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PUBCONV.DLL
+ 2006-10-27 19:04 . 2006-10-27 19:04 624456 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PTXT9.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 413472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
+ 2006-10-27 00:09 . 2006-10-27 00:09 136008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PRTF9.DLL
+ 2009-06-11 02:48 . 2009-06-11 02:48 248632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTPIA.DLL
+ 2006-10-27 01:07 . 2006-10-27 01:07 368968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPSLAX.DLL
+ 2006-10-27 19:04 . 2006-10-27 19:04 465200 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\POWERPNT.EXE
+ 2006-10-27 01:30 . 2006-10-27 01:30 482088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PORTCONN.DLL
+ 2006-10-27 19:16 . 2006-10-27 19:16 176976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLPH.DLL
+ 2006-10-27 19:16 . 2006-10-27 19:16 594256 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
+ 2006-07-26 22:53 . 2006-07-26 22:53 459080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
+ 2006-10-27 19:16 . 2006-10-27 19:16 138512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLCTL.DLL
+ 2006-10-27 00:23 . 2006-10-27 00:23 782720 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONSYNCPC.DLL
+ 2006-10-27 19:39 . 2006-10-27 19:39 687432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNOL.DLL
+ 2006-10-27 00:32 . 2006-10-27 00:32 604000 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNIE.DLL
+ 2006-10-27 00:34 . 2006-10-27 00:34 192848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSXP32.DLL
+ 2006-10-27 00:34 . 2006-10-27 00:34 660792 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 254776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLKFSTUB.DLL
+ 2006-10-27 00:00 . 2006-10-27 00:00 285008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
+ 2006-10-27 00:00 . 2006-10-27 00:00 998208 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISAPP.DLL
+ 2006-10-27 00:00 . 2006-10-27 00:00 274744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OIS.EXE
+ 2006-10-20 12:37 . 2006-10-20 12:37 637744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OGALEGIT.DLL
+ 2009-06-11 02:48 . 2009-06-11 02:48 416544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFICE.DLL
+ 2006-10-27 00:06 . 2006-10-27 00:06 232816 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
+ 2006-10-26 23:55 . 2006-10-26 23:55 538904 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORES.DLL
+ 2006-10-26 23:55 . 2006-10-26 23:55 145688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORE.EXE
+ 2006-10-26 23:55 . 2006-10-26 23:55 832800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORDB.EXE
+ 2006-10-26 17:56 . 2006-10-26 17:56 505136 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
+ 2006-10-26 23:50 . 2006-10-26 23:50 672024 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSQRY32.EXE
+ 2006-10-26 18:47 . 2006-10-26 18:47 727840 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPROOF6.DLL
+ 2006-10-26 17:56 . 2006-10-26 17:56 436520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORUN.DLL
+ 2006-10-26 23:56 . 2006-10-26 23:56 864080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSONPDRV.DLL
+ 2006-10-27 00:12 . 2006-10-27 00:12 428816 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSODCW.DLL
+ 2006-10-27 18:59 . 2006-10-27 18:59 161080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCF.DLL
+ 2006-10-26 17:58 . 2006-10-26 17:58 117552 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSCONV97.DLL
+ 2006-10-26 17:58 . 2006-10-26 17:58 290576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSCDM.DLL
+ 2006-10-27 19:04 . 2006-10-27 19:04 497504 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MORPH9.DLL
+ 2006-10-26 23:52 . 2006-10-26 23:52 460616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MODHELP.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 340248 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
+ 2006-10-26 23:55 . 2006-10-26 23:55 828704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MEDCAT.DLL
+ 2009-06-11 02:49 . 2009-06-11 02:49 118112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOMINT.DLL
+ 2009-06-11 02:49 . 2009-06-11 02:49 609104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOMHOST.DLL
+ 2006-10-27 01:42 . 2006-10-27 01:42 176976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOLK.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 138024 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
+ 2006-10-27 00:00 . 2006-10-27 00:00 178488 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IETAG.DLL
+ 2006-10-27 00:12 . 2006-10-27 00:12 173328 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 631080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBSERVICES.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 572216 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBPLATFORMSERVICES.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 268080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBBROWSERTOOL2.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 955680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEUTIL.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 222512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESYSTEMSERVICES.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 363304 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESKETCHTOOL.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 224048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEPROJECTTOOLSET.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 317736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMIGRATOR.EXE
+ 2006-10-27 04:48 . 2006-10-27 04:48 197920 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEGAMES.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 284976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEFETCHSERVICES.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 377136 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEDATAVIEWERTOOL.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 768304 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMPONENTMGR.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 117584 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMUNICATIONSSTATUSANDCONTROL.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 300336 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECALENDARTOOL.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 284448 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUDIO.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 338216 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVE.EXE
+ 2009-06-11 02:48 . 2009-06-11 02:48 150320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPHPIA.DLL
+ 2006-10-27 19:09 . 2006-10-27 19:09 983376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPWEC.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 154960 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ENVELOPE.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 116544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EMABLT32.DLL
+ 2006-10-26 23:48 . 2006-10-26 23:48 434528 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
+ 2006-10-26 23:48 . 2006-10-26 23:48 439568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DWDCW20.DLL
+ 2006-10-27 00:12 . 2006-10-27 00:12 106824 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DSSM.EXE
+ 2006-10-27 04:48 . 2006-10-27 04:48 234784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DRAT.EXE
+ 2006-10-27 00:12 . 2006-10-27 00:12 189760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
+ 2006-10-27 19:16 . 2006-10-27 19:16 133936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTAB32.DLL
+ 2006-10-26 23:59 . 2006-10-26 23:59 205616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CLVIEW.EXE
+ 2006-10-27 19:41 . 2006-10-27 19:41 399640 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CDLMSO.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 371568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEXBE.DLL
+ 2006-10-27 19:40 . 2006-10-27 19:40 208760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEWSS.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 224104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACETXT.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 551800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEREP.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 289648 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER3X.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 260976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER2X.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 392048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEPDE.DLL
+ 2006-10-27 19:00 . 2006-10-27 19:00 387960 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 279352 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODBC.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 207736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACELTS.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 629616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 338800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
+ 2006-10-27 19:00 . 2006-10-27 19:00 191360 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEES.DLL
+ 2006-10-27 19:00 . 2006-10-27 19:00 576376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEDAO.DLL
+ 2006-10-27 01:18 . 2006-10-27 01:18 162616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACCWIZ.DLL
+ 2006-10-27 19:00 . 2006-10-27 19:00 576376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACACEDAO.DLL
+ 2006-10-26 23:49 . 2006-10-26 23:49 970528 c:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSONSEXT.DLL
+ 2012-04-05 23:37 . 2012-04-05 23:37 609160 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
+ 2012-04-10 03:27 . 2012-04-10 03:27 117144 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2012-04-05 23:35 . 2012-04-05 23:35 423784 c:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2012-04-05 23:37 . 2012-04-05 23:37 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2012-04-10 03:34 . 2012-04-10 03:34 350080 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2012-04-05 23:35 . 2012-04-05 23:35 149352 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2012-04-05 23:28 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2647518$\spuninst\updspapi.dll
+ 2012-04-05 23:28 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2647518$\spuninst\spuninst.exe
+ 2012-04-05 23:41 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2641653$\spuninst\updspapi.dll
+ 2012-04-05 23:41 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2641653$\spuninst\spuninst.exe
+ 2012-04-05 23:29 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2621440$\spuninst\updspapi.dll
+ 2012-04-05 23:29 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2621440$\spuninst\spuninst.exe
+ 2012-04-05 23:29 . 2011-06-24 14:10 139656 c:\windows\$NtUninstallKB2621440$\rdpwd.sys
+ 2012-04-05 23:28 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2647518\update\updspapi.dll
+ 2012-04-05 23:28 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2647518\update\update.exe
+ 2012-04-05 23:28 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2647518\spuninst.exe
+ 2012-04-05 23:41 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2641653\update\updspapi.dll
+ 2012-04-05 23:41 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2641653\update\update.exe
+ 2012-04-05 23:41 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2641653\spuninst.exe
+ 2012-04-05 23:29 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2621440\update\updspapi.dll
+ 2012-04-05 23:29 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2621440\update\update.exe
+ 2012-04-05 23:29 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2621440\spuninst.exe
+ 2012-03-30 02:13 . 2012-01-09 16:19 139784 c:\windows\$hf_mig$\KB2621440\SP3QFE\rdpwd.sys
+ 2008-10-25 01:15 . 2008-10-25 01:15 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2008-10-25 01:15 . 2008-10-25 01:15 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2012-04-10 03:01 . 2012-04-10 03:01 8797344 c:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
+ 2009-08-18 03:33 . 2009-08-18 03:33 1193832 c:\windows\system32\FM20.DLL
+ 2008-10-15 20:19 . 2012-02-03 09:22 1860096 c:\windows\system32\dllcache\win32k.sys
+ 2009-04-04 21:10 . 2009-04-04 21:10 1282560 c:\windows\Installer\bdb72.msp
+ 2009-04-04 21:10 . 2009-04-04 21:10 7888384 c:\windows\Installer\bdb6b.msp
+ 2009-04-04 21:10 . 2009-04-04 21:10 9926144 c:\windows\Installer\bdb62.msp
+ 2009-04-04 14:14 . 2009-04-04 14:14 1094656 c:\windows\Installer\bd9aa.msp
+ 2011-08-10 21:43 . 2011-08-10 21:43 3795968 c:\windows\Installer\106234.msp
+ 2011-11-01 17:34 . 2011-11-01 17:34 4250112 c:\windows\Installer\10621e.msp
+ 2011-04-29 16:28 . 2011-04-29 16:28 1995264 c:\windows\Installer\106206.msp
+ 2011-06-21 15:59 . 2011-06-21 15:59 1764352 c:\windows\Installer\1061f0.msp
+ 2010-02-21 05:03 . 2010-02-21 05:03 4472832 c:\windows\Installer\1061d6.msp
+ 2010-08-13 22:02 . 2010-08-13 22:02 2545664 c:\windows\Installer\1061ba.msp
+ 2011-08-10 21:42 . 2011-08-10 21:42 7070208 c:\windows\Installer\1061a4.msp
+ 2010-08-13 22:00 . 2010-08-13 22:00 9404928 c:\windows\Installer\106173.msp
+ 2009-08-05 11:49 . 2009-08-05 11:49 3457024 c:\windows\Installer\10615b.msp
+ 2010-03-24 22:54 . 2010-03-24 22:54 3126272 c:\windows\Installer\106142.msp
+ 2010-03-24 22:54 . 2010-03-24 22:54 2516992 c:\windows\Installer\106141.msp
+ 2009-07-27 08:31 . 2009-07-27 08:31 3738624 c:\windows\Installer\106126.msp
+ 2011-11-01 17:34 . 2011-11-01 17:34 2247168 c:\windows\Installer\106110.msp
+ 2010-05-20 23:57 . 2010-05-20 23:57 4989952 c:\windows\Installer\1060f9.msp
+ 2010-05-20 23:57 . 2010-05-20 23:57 5907456 c:\windows\Installer\1060f8.msp
+ 2011-11-11 20:14 . 2011-11-11 20:14 9096192 c:\windows\Installer\1060d9.msp
+ 2011-11-01 17:34 . 2011-11-01 17:34 4225536 c:\windows\Installer\1060c3.msp
+ 2009-10-16 11:08 . 2009-10-16 11:08 2237952 c:\windows\Installer\1060a8.msp
+ 2011-11-01 17:34 . 2011-11-01 17:34 2531840 c:\windows\Installer\10607d.msp
+ 2009-08-18 17:08 . 2009-08-18 17:08 1373696 c:\windows\Installer\106067.msp
+ 2011-11-11 20:15 . 2011-11-11 20:15 1795584 c:\windows\Installer\106017.msp
+ 2011-07-27 11:39 . 2011-07-27 11:39 9892352 c:\windows\Installer\106001.msp
+ 2011-11-11 20:16 . 2011-11-11 20:16 8458240 c:\windows\Installer\105feb.msp
- 2009-06-11 02:52 . 2012-03-29 06:16 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-06-11 02:52 . 2012-04-10 03:35 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-06-11 02:52 . 2012-03-29 06:16 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-06-11 02:52 . 2012-04-10 03:35 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-04-03 21:57 . 2009-04-03 21:57 4671320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\WRD12CNV.DLL
+ 2008-11-21 07:12 . 2008-11-21 07:12 3750256 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\VVIEWER.DLL
+ 2008-10-25 13:35 . 2008-10-25 13:35 1847160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\VVIEWDWG.DLL
+ 2008-08-26 02:50 . 2008-08-26 02:50 2585592 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\VBE6.DLL
+ 2008-11-10 06:41 . 2008-11-10 06:41 2014584 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PPTVIEW.EXE
+ 2009-04-03 22:04 . 2009-04-03 22:04 8468840 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PPCORE.DLL
+ 2009-03-06 08:00 . 2009-03-06 08:00 6596472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONMAIN.DLL
+ 2008-11-10 14:49 . 2008-11-10 14:49 1165680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONLIBS.DLL
+ 2008-11-25 02:16 . 2008-11-25 02:16 1020776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONENOTE.EXE
+ 2009-03-06 06:05 . 2009-03-06 06:05 2964336 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OLMAPI32.DLL
+ 2009-02-05 15:36 . 2009-02-05 15:36 1640800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OGL.DLL
+ 2009-04-03 22:21 . 2009-04-03 22:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OARTCONV.DLL
+ 2009-03-06 07:41 . 2009-03-06 07:41 9589096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSPUB.EXE
+ 2009-03-06 08:26 . 2009-03-06 08:26 5291376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IPEDITOR.DLL
+ 2009-03-06 08:26 . 2009-03-06 08:26 5466488 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IPDESIGN.DLL
+ 2008-11-04 04:40 . 2008-11-04 04:40 1442160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\INFOPATH.EXE
+ 2009-02-14 10:03 . 2009-02-14 10:03 3070832 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEDOCUMENTSHARETOOL.DLL
+ 2009-04-03 01:44 . 2009-04-03 01:44 2532224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GRAPH.EXE
+ 2008-11-21 03:06 . 2008-11-21 03:06 1194848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\FM20.DLL
+ 2006-10-26 18:05 . 2006-10-26 18:05 1181520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XIMAGE3B.DLL
+ 2006-10-27 19:11 . 2006-10-27 19:11 4235560 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 02:58 . 2006-10-27 02:58 3732792 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VVIEWER.DLL
+ 2006-10-27 03:00 . 2006-10-27 03:00 1841984 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL
+ 2006-09-30 04:42 . 2006-09-30 04:42 2583344 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VBE6.DLL
+ 2006-10-27 18:57 . 2006-10-27 18:57 2330968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\STSLIST.DLL
+ 2006-10-26 23:52 . 2006-10-26 23:52 2012480 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTVIEW.EXE
+ 2006-10-27 19:04 . 2006-10-27 19:04 7980848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPCORE.DLL
+ 2006-10-27 00:07 . 2006-10-27 00:07 6536992 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OSETUP.DLL
+ 2006-10-27 19:03 . 2006-10-27 19:03 6579512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONMAIN.DLL
+ 2006-10-27 00:24 . 2006-10-27 00:24 1165112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONLIBS.DLL
+ 2006-10-27 19:03 . 2006-10-27 19:03 1018664 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTE.EXE
+ 2006-10-27 19:16 . 2006-10-27 19:16 2939704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
+ 2006-10-27 19:18 . 2006-10-27 19:18 1658152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OGL.DLL
+ 2006-10-27 00:14 . 2006-10-27 00:14 7033152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFOWC.DLL
+ 2006-10-27 00:42 . 2006-10-27 00:42 8423224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2006-10-26 18:47 . 2006-10-26 18:47 1512304 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\NLSD0000.DLL
+ 2006-10-27 19:04 . 2006-10-27 19:04 9581360 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPUB.EXE
+ 2006-10-27 00:00 . 2006-10-27 00:00 6635320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORES.DLL
+ 2006-10-27 19:10 . 2006-10-27 19:10 5281592 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
+ 2006-10-27 19:10 . 2006-10-27 19:10 5456704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPDESIGN.DLL
+ 2006-10-27 19:10 . 2006-10-27 19:10 1439032 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\INFOPATH.EXE
+ 2006-10-27 19:37 . 2006-10-27 19:37 1396008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEUIFRAMEWORK.DLL
+ 2006-10-27 19:38 . 2006-10-27 19:38 4746536 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVETRANSCEIVER.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 1163048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVETEXTTOOLS.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 2738472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESTORAGEMGR.DLL
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7CF5C23-CA56-440B-8E87-8E2D05BE2113}]
2010-01-05 07:51 3036672 ----a-w- c:\program files\VideoDownloader\VideoDownloader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{283B4AA3-1B7A-46E6-B56D-90EF4743FB2C}"= "c:\program files\VideoDownloader\VideoDownloader.dll" [2010-01-05 3036672]
.
[HKEY_CLASSES_ROOT\clsid\{283b4aa3-1b7a-46e6-b56d-90ef4743fb2c}]
[HKEY_CLASSES_ROOT\VideoDownloader.VideoDownloaderBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA80D6E-79D4-483F-AF7C-52851C945761}]
[HKEY_CLASSES_ROOT\VideoDownloader.VideoDownloaderBand]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"SoundMan"="SOUNDMAN.EXE" [2004-10-21 77824]
"Anvi Smart Defender"="c:\program files\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-02-03 715048]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rtk]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tim^Start Menu^Programs^Startup^TurboApps WinMobile Conduit.lnk]
path=c:\documents and settings\Tim\Start Menu\Programs\Startup\TurboApps WinMobile Conduit.lnk
backup=c:\windows\pss\TurboApps WinMobile Conduit.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 06:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-06-29 13:06 88363 ----a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-09-25 14:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-09-29 15:15 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
2008-11-17 22:50 827904 ----a-w- c:\program files\dvd43\DVD43_Tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-03-29 00:17 136176 ----atw- c:\documents and settings\Tim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-10-25 20:33 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-10-25 20:37 2178832 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-02-17 06:30 5244216 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 16:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sony\\Click to DVD 2\\CtoDvd.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\Sony\\Click to DVD 2\\AuthoringServerExe.exe"=
"c:\\pfs\\callatl\\rteng9.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 avfsmn;avfsmn;c:\windows\system32\drivers\avfsmn.sys [4/13/2012 3:42 PM 17704]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2/3/2012 3:55 AM 296232]
R2 avhips;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\drivers\avhips.sys [4/13/2012 3:42 PM 23848]
R2 DVRMSFileWatcherService;DVRMSFileWatcherService;c:\program files\DVRMSToolbox\DVRMSFileWatcherService.exe [3/19/2008 9:09 PM 20480]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/9/2012 11:01 PM 253600]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys --> c:\windows\system32\DRIVERS\appliand.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [3/3/2008 3:40 PM 16512]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\C.tmp --> c:\windows\system32\C.tmp [?]
S3 Pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\Pcouffin.sys --> c:\windows\system32\Drivers\Pcouffin.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/16/2008 4:31 AM 7808]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
queuemgr
ESMCR
vulfntrs
HpqKbFiltr
nalntservice
acdpowerservice
SE2Cbus
smcservice
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 03:01]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4259738859-4239115706-771013760-1005Core.job
- c:\documents and settings\Tim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-29 00:17]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4259738859-4239115706-771013760-1005UA.job
- c:\documents and settings\Tim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-29 00:17]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
TCP: DhcpNameServer = 192.168.0.1 216.165.129.158
TCP: Interfaces\{07DAC96B-7FAC-424D-976A-7BA5C184696C}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Tim\Application Data\Mozilla\Firefox\Profiles\i2h0kfgn.default\
FF - prefs.js: browser.startup.homepage - www.facebook.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 53677
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Belarc Advisor - c:\progra~1\Belarc\Advisor\Uninstall.exe
AddRemove-Movielink eHome_is1 - c:\program files\Movielink\eHome\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-23 20:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\C.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RTK]
"ImagePath"="\??\c:\windows\System32\Drivers\53b79432."
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4259738859-4239115706-771013760-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(780)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-04-23 20:13:56
ComboFix-quarantined-files.txt 2012-04-24 00:13
ComboFix2.txt 2012-03-30 03:55
ComboFix3.txt 2012-03-30 02:58
ComboFix4.txt 2012-03-30 02:21
ComboFix5.txt 2012-04-01 02:37
.
Pre-Run: 17,294,008,320 bytes free
Post-Run: 17,401,405,440 bytes free
.
- - End Of File - - CD66AB7E84B4B888FABD4F90F3CA1A65







RKREPORT

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Tim [Admin rights]
Mode: Scan -- Date: 04/23/2012 20:23:37

Bad processes: 0

Registry Entries: 6
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver: [LOADED]

Infection :

HOSTS File:
127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: Maxtor 7Y250M0 +++++
--- User ---
[MBR] e6416f849e94744466f43b3cf6daa505
[BSP] c36113eb246b5adeb9425c0aa09cef6d : Windows XP MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 5130 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 10506510 | Size: 234236 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:18 PM

Posted 23 April 2012 - 10:41 PM

  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Delete
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 Timzzilla


Posted 24 April 2012 - 01:00 AM

After re-running RogueKiller my proper wallpaper appeared but my searches are still being redirected.






RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Tim [Admin rights]
Mode: Remove -- Date: 04/24/2012 01:54:15

Bad processes: 0

Registry Entries: 6
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> REPLACED (C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp)
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

Driver: [LOADED]

Infection :

HOSTS File:
127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: Maxtor 7Y250M0 +++++
--- User ---
[MBR] e6416f849e94744466f43b3cf6daa505
[BSP] c36113eb246b5adeb9425c0aa09cef6d : Windows XP MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 5130 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 10506510 | Size: 234236 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

#10 fireman4it


Posted 24 April 2012 - 03:57 PM

Hello,

Are you being redirected in Firefox or Internet Explorer or both?


#11 Timzzilla


Posted 24 April 2012 - 08:28 PM

Chrome and Firefox are my primary browsers. Both are being redirected. I just did a dozen searches in IE and was not redirected.

#12 fireman4it


Posted 25 April 2012 - 07:18 PM

Hello,

We are seeing this more and more with this new infection. Once the machine is cleaned up the best thing to do is uninstall Chrome and Firefox and reinstall them. Make sure if it asks to delete any application data file or profile file you let it.

Uninstalling A Program Through "add/remove"

Click "Start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of installed programs will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "Remove":

Mozilla Firefox
Google Chrome


Additional instructions can be found here if needed.


Firefox download page:
Google Chrome download page:

Tell me if it is still redirecting after you reinstall.


#13 Timzzilla


Posted 25 April 2012 - 07:30 PM

fireman4it,

When removing the programs and re-installing them will I lose all my bookmarks? If yes can they be backed up and re-installed also?

Thanks again for all the help

#14 fireman4it


Posted 25 April 2012 - 07:58 PM

Hello,


You can back up your Firefox bookmarks

Open Firefox
Click Bookmarks
Next click Show All Bookmarks
Next click Import and Backup
Click Export to HTML
Choose a place to export them so that you can find them easily.

Do the same to import them back: Import from HTML, then choose that file.


How to export and import Google Bookmarks
Export
Import


#15 Timzzilla


Posted 25 April 2012 - 10:44 PM

Uninstalled then re-installed Firefox and Chrome. Performed multiple searches with no redirects. My computer seems to be back to normal. Fireman4it, you did a great job helping me get this taken care of. Your help was greatly appreciated.



