Search redirect and Unable to update spyware software, etc.

mouthbre · 04-11-2009, 01:02 PM

Hello, I'm running Vista home on a new Toshiba Laptop and today began experiencing google and other search engine redirects. Also, I'm unable to auto-update ANY virus or spyware software (defender, ca security, spydoctor, etc.)

Thank you!!

Here's the log:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Shannon at 14:37:51.87 on Sat 04/11/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.1713 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Shannon\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [EPSON Stylus CX9400Fax Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticfa.exe /fu "c:\windows\temp\E_SC327.tmp" /EF "HKCU"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PCMAgent] "c:\program files\cyberlink\powercinema for toshiba\PCMAgent.exe"
mRun: [CLMLServer] "c:\program files\cyberlink\powercinema for toshiba\kernel\clml\CLMLSvc.exe"
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-5.1.18.0\QOELoader.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\TSS.exe" /hide
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\VetRedir.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
TCP: NameServer = 85.255.112.142,85.255.112.187
TCP: {5E6D4197-FDD6-458D-8056-6868868EBE37} = 85.255.112.142,85.255.112.187
TCP: {DF4DEC13-E5A6-4EFC-826B-3424B6401E01} = 85.255.112.142,85.255.112.187
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\shannon\appdata\roaming\mozilla\firefox\profiles\5t4dtf65.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.rr.com/index.cfm
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-4-11 130424]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-2-13 20384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-4-11 348752]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-3-29 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-5-6 7168]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-8-16 189704]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-5-6 29744]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-2-13 954368]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-5-14 9216]

=============== Created Last 30 ================

2009-04-11 13:13 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-04-11 13:12 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-04-11 13:12 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-11 13:12 <DIR> a-d----- c:\programdata\TEMP
2009-04-11 13:12 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-04-11 13:12 <DIR> --d----- c:\program files\common files\PC Tools
2009-04-11 13:12 <DIR> --d----- c:\users\shannon\appdata\roaming\PC Tools
2009-04-11 13:12 <DIR> --d----- c:\programdata\PC Tools
2009-04-11 13:12 <DIR> --d----- c:\program files\Spyware Doctor
2009-04-11 13:12 <DIR> --d----- c:\progra~2\PC Tools
2009-04-11 12:42 <DIR> --d----- c:\program files\a-squared Free
2009-04-10 12:11 <DIR> --d----- c:\program files\Lame for Audacity
2009-04-10 12:03 <DIR> --d----- c:\users\shannon\testj&s_data
2009-04-10 11:15 <DIR> --d----- c:\program files\Audacity 1.3 Beta (Unicode)
2009-04-09 23:21 <DIR> --d----- c:\users\shannon\appdata\roaming\Thinstall
2009-04-09 22:49 <DIR> --d----- c:\users\shannon\appdata\roaming\uTorrent
2009-04-09 22:26 <DIR> --d----- C:\Temp
2009-04-05 22:18 <DIR> --d----- c:\program files\Guitar Pro 5
2009-03-30 23:51 <DIR> --d----- c:\programdata\Lavasoft
2009-03-30 23:51 <DIR> --d----- c:\program files\Lavasoft
2009-03-29 01:49 87,608 a------- c:\users\shannon\appdata\roaming\inst.exe
2009-03-29 01:49 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-03-29 01:49 47,360 a------- c:\users\shannon\appdata\roaming\pcouffin.sys
2009-03-29 01:49 <DIR> --d----- c:\program files\DVDFab 5
2009-03-29 01:28 <DIR> a-d--r-- c:\users\shannon\Union
2009-03-29 01:00 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-03-29 00:03 <DIR> --d----- c:\program files\MP3Gain
2009-03-28 23:11 <DIR> --d----- c:\program files\Power Tab Software
2009-03-28 20:37 <DIR> --d----- c:\program files\CCleaner
2009-03-28 20:15 <DIR> --d----- c:\programdata\FLEXnet
2009-03-28 20:08 <DIR> --d----- c:\program files\Bonjour
2009-03-28 20:04 <DIR> --d----- c:\programdata\DVD Shrink
2009-03-28 20:04 <DIR> --d----- c:\program files\DVD Shrink
2009-03-28 19:52 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-03-27 22:07 <DIR> --d----- C:\BamFiles
2009-03-27 22:05 <DIR> --d----- c:\program files\BadgesV2
2009-03-27 20:36 <DIR> --d----- c:\program files\WinMX
2009-03-27 20:33 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-03-27 16:23 67,072 a------- c:\windows\system32\escwiad.dll
2009-03-27 16:07 <DIR> --d----- C:\epson
2009-03-27 15:05 49,152 a------- c:\windows\system32\E_DCINST.DLL
2009-03-27 15:05 76,800 a------- c:\windows\system32\E_FLBCFP.DLL
2009-03-27 15:05 62,976 a------- c:\windows\system32\E_FD4BCFP.DLL
2009-03-27 15:05 <DIR> --d----- c:\program files\EPSON
2009-03-27 12:55 176,235 a------- c:\windows\system32\Primomonnt.dll
2009-03-27 12:55 <DIR> --d----- c:\windows\PrimoPDF4
2009-03-27 12:55 <DIR> --d----- c:\program files\activePDF
2009-03-27 09:21 44,032 -------- c:\windows\system32\CTSVCCDA.EXE
2009-03-27 09:21 25,088 -------- c:\windows\system32\CTSVCCTL.EXE
2009-03-27 09:20 <DIR> --d----- c:\program files\common files\Creative
2009-03-27 09:20 <DIR> --d-h--- c:\program files\Creative Installation Information
2009-03-27 09:19 <DIR> --d----- c:\program files\Creative
2009-03-27 09:03 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-03-27 00:36 <DIR> --d----- c:\programdata\EPSON
2009-03-27 00:36 <DIR> --d----- c:\progra~2\EPSON
2009-03-26 19:26 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-03-26 19:23 <DIR> --d----- c:\program files\Netflix
2009-03-26 17:30 880,560 a------- c:\windows\system32\drivers\vetefile.sys
2009-03-26 17:30 108,368 a------- c:\windows\system32\drivers\veteboot.sys
2009-03-26 17:26 99,592 a------- c:\windows\system32\isafeif.dll
2009-03-26 17:26 79,424 a------- c:\windows\system32\vetredir.dll
2009-03-26 17:26 75,016 a------- c:\windows\system32\isafprod.dll
2009-03-26 17:26 32,264 a------- c:\windows\system32\drivers\vetmonnt.sys
2009-03-26 17:26 26,376 a------- c:\windows\system32\drivers\vet-filt.sys
2009-03-26 17:26 21,512 a------- c:\windows\system32\drivers\vetfddnt.sys
2009-03-26 17:26 21,128 a------- c:\windows\system32\drivers\vet-rec.sys
2009-03-26 17:26 <DIR> --d----- c:\program files\common files\Scanner
2009-03-26 17:25 <DIR> --d----- c:\programdata\CA
2009-03-26 17:25 <DIR> --d----- c:\progra~2\CA
2009-03-26 17:25 <DIR> --d----- c:\program files\CA
2009-03-26 16:59 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-03-26 16:08 376 a------- c:\windows\ODBC.INI
2009-03-26 16:08 30,512 a------- c:\windows\system32\mdimon.dll
2009-03-26 15:48 <DIR> --d----- c:\users\shannon\appdata\roaming\WinBatch
2009-03-26 15:23 2,838 a------- c:\windows\machine.ver
2009-03-26 15:23 67 a------- c:\windows\swupdate.INI
2009-03-26 14:46 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-03-26 14:23 2,048 a------- c:\windows\system32\tzres.dll
2009-03-26 14:07 97,800 a------- c:\windows\system32\infocardapi.dll
2009-03-26 14:07 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-26 14:07 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-03-26 14:07 622,080 a------- c:\windows\system32\icardagt.exe
2009-03-26 14:07 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-03-26 14:07 11,264 a------- c:\windows\system32\icardres.dll
2009-03-26 14:07 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-03-26 14:07 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-03-26 14:01 96,760 a------- c:\windows\system32\dfshim.dll
2009-03-26 14:01 282,112 a------- c:\windows\system32\mscoree.dll
2009-03-26 14:01 41,984 a------- c:\windows\system32\netfxperf.dll
2009-03-26 14:00 158,720 a------- c:\windows\system32\mscorier.dll
2009-03-26 14:00 83,968 a------- c:\windows\system32\mscories.dll
2009-03-26 13:58 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-03-26 13:58 827,392 a------- c:\windows\system32\wininet.dll
2009-03-26 13:58 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-03-26 13:57 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-03-26 13:57 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-03-26 13:56 801,280 a------- c:\windows\system32\NaturalLanguage6.dll
2009-03-26 13:54 738,304 a------- c:\windows\system32\inetcomm.dll
2009-03-26 13:52 1,314,816 a------- c:\windows\system32\quartz.dll
2009-03-26 13:51 1,645,568 a------- c:\windows\system32\connect.dll
2009-03-26 13:47 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-03-26 13:41 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-03-26 13:40 83,456 a------- c:\windows\system32\wudriver.dll
2009-03-26 13:40 162,064 a------- c:\windows\system32\wuwebv.dll
2009-03-26 13:40 31,232 a------- c:\windows\system32\wuapp.exe
2009-03-26 13:37 <DIR> --d----- c:\users\shannon\appdata\roaming\Symantec
2009-03-26 13:36 14 ---shr-- c:\windows\system32\drivers\fbd.sys
2009-03-26 13:36 4 ---shr-- c:\windows\system32\drivers\taishop.sys
2009-03-26 13:36 <DIR> --d----- c:\users\Shannon

==================== Find3M ====================

2009-03-29 01:50 143,360 a------- c:\windows\inf\infstrng.dat
2009-03-29 01:50 51,200 a------- c:\windows\inf\infpub.dat
2009-03-29 01:50 86,016 a------- c:\windows\inf\infstor.dat
2009-03-26 14:34 665,600 a------- c:\windows\inf\drvindex.dat
2009-03-02 14:10 67,584 a------- c:\windows\system32\ff_vfw.dll
2009-02-13 00:53 319,456 a------- c:\windows\DIFxAPI.dll
2009-02-13 00:53 315,392 a------- c:\windows\HideWin.exe
2009-02-08 23:10 2,033,152 a------- c:\windows\system32\win32k.sys
2009-01-16 09:59 73,728 a------- c:\windows\system32\RtNicProp32.dll
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 14:38:18.98 ===============

mouthbre · 04-11-2009, 01:08 PM

Sorry, I also am unable to do a system restore. A disk error is reported.

Thanks

Ried · 04-12-2009, 07:54 AM

Hello mouthbre and welcome,

You have a nasty rootkit onboard and this will require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.

mouthbre · 04-13-2009, 07:18 AM

Hello Reid,

Thank you very much for your time and assistance. I have also noticed that this little bugger has essentially taken away my ability to burn any dvd's. I get a message that there's no burner istalled or it's busy. I discovered this when I tried to burn a system restore dvd. I suspect I got this when I did a utorrent download. I'll never do that again!

Again, thanks. Here's the combofix log. I'll also attach the txt file.

Shannon

ComboFix 09-04-13.A2 - Shannon 2009-04-13 9:00.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.2365 [GMT -4:00]
Running from: c:\users\Shannon\Desktop\ComboFix.exe
AV: CA Anti-Virus *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gxvxcpqeasuwdmkynptielpcnsqdppxyvrlmy.sys
c:\windows\system32\gxvxcmwcxmpgwidsftnxueutdbmfhvrvcntou.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gxvxcserv.sys

((((((((((((((((((((((((( Files Created from 2009-03-13 to 2009-04-13 )))))))))))))))))))))))))))))))
.

2009-04-12 16:08 . 2009-04-12 16:08 -------- d-----w c:\users\Shannon\AppData\Roaming\DriverCure
2009-04-12 16:07 . 2009-04-12 16:11 -------- d-----w c:\users\All Users\DriverCure
2009-04-12 16:07 . 2009-04-12 16:11 -------- d-----w c:\programdata\DriverCure
2009-04-12 16:07 . 2009-04-12 16:07 -------- d-----w c:\users\All Users\ParetoLogic
2009-04-12 16:07 . 2009-04-12 16:07 -------- d-----w c:\programdata\ParetoLogic
2009-04-12 15:51 . 2009-04-12 15:51 -------- d-----w c:\users\Shannon\AppData\Local\WindowsUpdate
2009-04-12 14:35 . 2009-04-12 14:35 -------- d-----w c:\users\Guest\AppData\Roaming\TOSHIBA
2009-04-12 14:35 . 2009-04-12 14:35 -------- d-----w c:\users\Guest\AppData\Roaming\DivX
2009-04-11 23:59 . 2009-04-11 23:59 -------- d-----w c:\users\All Users\Grisoft
2009-04-11 23:59 . 2009-04-11 23:59 -------- d-----w c:\programdata\Grisoft
2009-04-11 23:39 . 2009-04-12 15:45 -------- d-----w c:\users\Shannon\AppData\Local\Adobe
2009-04-11 17:12 . 2009-04-11 20:33 -------- d---a-w c:\users\All Users\TEMP
2009-04-11 17:12 . 2009-04-11 20:33 -------- d---a-w c:\programdata\TEMP
2009-04-10 15:15 . 2009-04-11 22:54 -------- d-----w c:\users\Shannon\AppData\Roaming\Audacity
2009-04-10 03:21 . 2009-04-10 03:21 -------- d-----w c:\users\Shannon\AppData\Roaming\Thinstall
2009-04-10 02:49 . 2009-04-10 15:01 -------- d-----w c:\users\Shannon\AppData\Roaming\uTorrent
2009-04-10 02:26 . 2009-04-10 02:26 -------- d-----w C:\Temp
2009-04-10 00:50 . 2009-04-10 00:50 -------- d-----w c:\users\Shannon\AppData\Roaming\Sony
2009-04-10 00:50 . 2009-04-10 00:50 -------- d-----w c:\users\Shannon\AppData\Local\Sony
2009-04-06 02:18 . 2009-04-06 02:18 -------- d-----w c:\program files\Guitar Pro 5
2009-04-01 03:43 . 2009-04-01 03:43 680 ----a-w c:\users\Shannon\AppData\Local\d3d9caps.dat
2009-03-31 03:53 . 2009-04-11 23:42 -------- dc----w c:\windows\system32\DRVSTORE
2009-03-31 03:51 . 2009-04-11 23:42 -------- d-----w c:\users\All Users\Lavasoft
2009-03-31 03:51 . 2009-04-11 23:42 -------- d-----w c:\programdata\Lavasoft
2009-03-31 03:51 . 2009-04-11 23:42 -------- d-----w c:\program files\Lavasoft
2009-03-29 06:37 . 2009-03-29 06:37 -------- d-----w c:\users\Shannon\AppData\Roaming\InstallShield
2009-03-29 05:49 . 2009-03-29 05:49 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-03-29 05:49 . 2009-03-29 05:49 47360 ----a-w c:\users\Shannon\AppData\Roaming\pcouffin.sys
2009-03-29 05:49 . 2009-04-07 04:05 -------- d-----w c:\users\Shannon\AppData\Roaming\Vso
2009-03-29 05:49 . 2009-03-29 05:49 -------- d-----w c:\program files\DVDFab 5
2009-03-29 05:28 . 2009-03-29 22:08 -------- d---a-r c:\users\Shannon\Union
2009-03-29 04:03 . 2009-03-29 04:03 -------- d-----w c:\program files\MP3Gain
2009-03-29 03:11 . 2009-03-29 03:11 -------- d-----w c:\program files\Power Tab Software
2009-03-29 00:44 . 2009-03-29 00:44 -------- d-----w c:\users\Shannon\AppData\Roaming\Media Player Classic
2009-03-29 00:37 . 2009-03-29 00:37 -------- d-----w c:\program files\CCleaner
2009-03-29 00:15 . 2009-03-29 00:24 -------- d-----w c:\users\All Users\FLEXnet
2009-03-29 00:15 . 2009-03-29 00:24 -------- d-----w c:\programdata\FLEXnet
2009-03-29 00:08 . 2009-03-29 00:08 -------- d-----w c:\program files\Bonjour
2009-03-29 00:04 . 2009-03-29 00:07 -------- d-----w c:\users\All Users\DVD Shrink
2009-03-29 00:04 . 2009-03-29 00:07 -------- d-----w c:\programdata\DVD Shrink
2009-03-29 00:04 . 2009-03-29 00:04 -------- d-----w c:\program files\DVD Shrink
2009-03-28 23:52 . 2009-03-28 23:52 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-03-28 02:07 . 2009-03-29 06:52 -------- d-----w C:\BamFiles
2009-03-28 02:05 . 2009-03-29 21:08 -------- d-----w c:\program files\BadgesV2
2009-03-28 00:36 . 2009-03-28 00:53 -------- d-----w c:\program files\WinMX
2009-03-28 00:33 . 2009-03-28 00:33 -------- d-----w c:\windows\system32\IOSUBSYS
2009-03-28 00:17 . 2009-03-30 19:23 -------- d-----w c:\users\Shannon\AppData\Roaming\Ulead Systems
2009-03-28 00:17 . 2009-04-07 20:55 -------- d-----w c:\users\Shannon\AppData\Roaming\TOSHIBA
2009-03-27 20:23 . 2007-04-18 04:00 67072 ----a-w c:\windows\system32\escwiad.dll
2009-03-27 20:07 . 2009-03-27 20:22 -------- d-----w C:\epson
2009-03-27 19:05 . 2004-09-11 09:12 49152 ----a-w c:\windows\system32\E_DCINST.DLL
2009-03-27 19:05 . 2006-12-08 15:04 76800 ----a-w c:\windows\system32\E_FLBCFP.DLL
2009-03-27 19:05 . 2006-04-19 15:00 62976 ----a-w c:\windows\system32\E_FD4BCFP.DLL
2009-03-27 19:05 . 2009-03-27 20:23 -------- d-----w c:\program files\EPSON
2009-03-27 16:55 . 2006-12-11 20:12 176235 ----a-w c:\windows\system32\Primomonnt.dll
2009-03-27 16:55 . 2009-03-27 16:55 -------- d-----w c:\windows\PrimoPDF4
2009-03-27 16:55 . 2009-03-27 16:55 -------- d-----w c:\program files\activePDF
2009-03-27 13:21 . 1999-12-13 13:01 44032 ------w c:\windows\system32\CTSVCCDA.EXE
2009-03-27 13:21 . 1999-11-18 13:00 25088 ------w c:\windows\system32\CTSVCCTL.EXE
2009-03-27 13:20 . 2009-03-27 13:20 -------- d-----w c:\program files\Common Files\Creative
2009-03-27 13:20 . 2009-03-27 13:24 -------- d--h--w c:\program files\Creative Installation Information
2009-03-27 13:19 . 2009-03-27 13:22 -------- d-----w c:\program files\Creative
2009-03-27 13:03 . 2009-03-27 13:03 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-03-27 04:36 . 2009-03-27 20:14 -------- d-----w c:\users\All Users\EPSON
2009-03-27 04:36 . 2009-03-27 20:14 -------- d-----w c:\programdata\EPSON
2009-03-27 00:01 . 2009-03-27 00:01 -------- d-----w c:\users\Shannon\AppData\Local\Qurb4
2009-03-26 23:26 . 2009-03-26 23:26 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-03-26 23:23 . 2009-03-26 23:23 -------- d-----w c:\program files\Netflix
2009-03-26 21:30 . 2009-03-26 21:30 880560 ----a-w c:\windows\system32\drivers\vetefile.sys
2009-03-26 21:30 . 2009-03-26 21:30 108368 ----a-w c:\windows\system32\drivers\veteboot.sys
2009-03-26 21:26 . 2007-08-20 17:38 32264 ----a-w c:\windows\system32\drivers\vetmonnt.sys
2009-03-26 21:26 . 2007-08-20 17:38 21512 ----a-w c:\windows\system32\drivers\vetfddnt.sys
2009-03-26 21:26 . 2007-08-20 17:38 26376 ----a-w c:\windows\system32\drivers\vet-filt.sys
2009-03-26 21:26 . 2007-08-20 17:38 21128 ----a-w c:\windows\system32\drivers\vet-rec.sys
2009-03-26 21:26 . 2007-08-20 17:37 75016 ----a-w c:\windows\system32\isafprod.dll
2009-03-26 21:26 . 2007-08-20 17:37 99592 ----a-w c:\windows\system32\isafeif.dll
2009-03-26 21:26 . 2007-08-20 17:26 79424 ----a-w c:\windows\system32\vetredir.dll
2009-03-26 21:26 . 2009-03-26 21:26 -------- d-----w c:\program files\Common Files\Scanner
2009-03-26 21:25 . 2009-03-26 21:30 -------- d-----w c:\users\All Users\CA
2009-03-26 21:25 . 2009-03-26 21:30 -------- d-----w c:\programdata\CA
2009-03-26 21:25 . 2009-03-26 21:26 -------- d-----w c:\program files\CA
2009-03-26 20:59 . 2009-03-29 23:59 -------- d-----w c:\users\Shannon\AppData\Roaming\CyberLink
2009-03-26 20:59 . 2009-03-26 20:59 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-03-26 20:08 . 2009-03-26 20:08 376 ----a-w c:\windows\ODBC.INI
2009-03-26 20:08 . 2006-10-26 23:58 30512 ----a-w c:\windows\system32\mdimon.dll
2009-03-26 19:48 . 2009-03-26 19:48 -------- d-----w c:\users\Shannon\AppData\Roaming\WinBatch
2009-03-26 19:33 . 2009-04-11 15:38 -------- d-----w c:\users\Shannon\AppData\Local\Microsoft Help
2009-03-26 19:23 . 2009-04-12 14:57 2838 ----a-w c:\windows\machine.ver
2009-03-26 19:23 . 2009-04-12 14:57 67 ----a-w c:\windows\swupdate.INI
2009-03-26 18:46 . 2009-03-26 18:46 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-03-26 18:23 . 2008-10-22 01:22 2048 ----a-w c:\windows\system32\tzres.dll
2009-03-26 18:07 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-03-26 18:07 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-26 18:07 . 2008-06-20 01:14 37384 ----a-w c:\windows\system32\infocardcpl.cpl
2009-03-26 18:07 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-03-26 18:07 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll
2009-03-26 18:07 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe
2009-03-26 18:07 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-03-26 18:07 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-03-26 18:01 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll
2009-03-26 18:01 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-03-26 18:01 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll
2009-03-26 18:00 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll
2009-03-26 18:00 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll
2009-03-26 17:58 . 2009-01-15 06:11 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-26 17:58 . 2009-01-15 03:36 1383424 ----a-w c:\windows\system32\mshtml.tlb
2009-03-26 17:58 . 2008-06-19 03:31 361984 ----a-w c:\windows\system32\IPSECSVC.DLL
2009-03-26 17:57 . 2008-06-26 01:45 12240896 ----a-w c:\windows\system32\NlsLexicons0007.dll
2009-03-26 17:57 . 2008-06-26 01:45 2644480 ----a-w c:\windows\system32\NlsLexicons0009.dll
2009-03-26 17:56 . 2008-06-26 03:29 801280 ----a-w c:\windows\system32\NaturalLanguage6.dll
2009-03-26 17:54 . 2008-04-10 05:12 738304 ----a-w c:\windows\system32\inetcomm.dll
2009-03-26 17:52 . 2008-04-26 08:08 1314816 ----a-w c:\windows\system32\quartz.dll
2009-03-26 17:51 . 2008-10-21 05:25 1645568 ----a-w c:\windows\system32\connect.dll
2009-03-26 17:47 . 2008-09-10 03:40 1334272 ----a-w c:\windows\system32\msxml6.dll
2009-03-26 17:41 . 2009-03-26 17:41 -------- d-----w c:\users\Shannon\AppData\Local\Mozilla
2009-03-26 17:41 . 2008-10-16 21:13 1809944 ----a-w c:\windows\system32\wuaueng.dll
2009-03-26 17:41 . 2008-10-16 21:09 51224 ----a-w c:\windows\system32\wuauclt.exe
2009-03-26 17:41 . 2008-10-16 21:09 43544 ----a-w c:\windows\system32\wups2.dll
2009-03-26 17:41 . 2008-10-16 20:56 1524736 ----a-w c:\windows\system32\wucltux.dll
2009-03-26 17:40 . 2008-10-16 21:12 561688 ----a-w c:\windows\system32\wuapi.dll
2009-03-26 17:40 . 2008-10-16 21:08 34328 ----a-w c:\windows\system32\wups.dll
2009-03-26 17:40 . 2008-10-16 20:55 83456 ----a-w c:\windows\system32\wudriver.dll
2009-03-26 17:40 . 2008-10-16 18:08 162064 ----a-w c:\windows\system32\wuwebv.dll
2009-03-26 17:40 . 2008-10-16 17:56 31232 ----a-w c:\windows\system32\wuapp.exe
2009-03-26 17:37 . 2009-03-26 17:37 -------- d-----w c:\users\Shannon\AppData\Local\Toshiba

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-13 12:51 . 2009-04-13 12:51 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2009-04-13 12:51 . 2009-04-13 12:51 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2009-04-12 15:51 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-12 15:51 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-04-12 15:51 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-12 14:34 . 2009-04-12 14:34 115192 ----a-w c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-12 14:34 . 2009-04-12 14:34 -------- d-----w c:\users\Guest\AppData\Roaming\Grisoft
2009-04-12 14:34 . 2009-04-12 14:34 -------- d-----w c:\users\Guest\AppData\Roaming\ATI
2009-04-12 14:34 . 2009-02-13 04:31 16384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2009-04-12 14:34 . 2009-02-13 04:31 16384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2009-04-12 14:34 . 2009-02-13 04:31 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2009-04-11 17:53 . 2008-05-06 18:35 -------- d-----w c:\program files\Google
2009-04-01 03:55 . 2009-03-31 04:16 1678 ----a-w C:\aaw7boot.log
2009-03-29 06:38 . 2008-05-06 18:26 -------- d-----w c:\programdata\Toshiba
2009-03-29 06:38 . 2008-05-06 18:15 -------- d-----w c:\program files\Toshiba
2009-03-29 06:38 . 2008-05-06 18:20 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-29 05:02 . 2009-03-29 05:00 -------- d-----w c:\program files\K-Lite Codec Pack
2009-03-29 02:29 . 2008-05-13 17:26 -------- d-----w c:\program files\Common Files\Adobe
2009-03-28 01:59 . 2009-03-26 21:25 36198 ----a-w C:\caisslog.txt
2009-03-26 23:46 . 2009-02-13 04:37 -------- d-----w c:\programdata\Microsoft Help
2009-03-26 23:42 . 2006-11-02 12:37 -------- d-----w c:\program files\MSBuild
2009-03-26 21:26 . 2009-03-26 21:26 35714 ----a-w C:\caavsetupLog.txt
2009-03-26 20:59 . 2008-05-06 18:28 -------- d-----w c:\programdata\CyberLink
2009-03-26 20:57 . 2008-05-06 20:41 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-26 18:35 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-03-26 18:34 . 2006-11-02 10:25 665600 ----a-w c:\windows\Inf\drvindex.dat
2009-03-26 17:36 . 2009-03-26 17:36 14 --sh--r c:\windows\System32\drivers\fbd.sys
2009-03-26 17:36 . 2009-03-26 17:36 14 --sh--r c:\windows\system32\drivers\fbd.sys
2009-03-26 17:36 . 2009-03-26 17:36 4 --sh--r c:\windows\system32\drivers\taishop.sys
2009-03-26 17:36 . 2009-03-26 17:36 4 --sh--r c:\windows\System32\drivers\taishop.sys
2009-03-06 13:06 . 2009-03-06 13:06 140800 ----a-w c:\windows\system32\drivers\Rtlh86.sys
2009-03-05 10:54 . 2009-03-05 10:54 73728 ----a-w c:\windows\System32\RtNicProp32.dll
2009-03-02 18:10 . 2009-03-29 05:00 67584 ----a-w c:\windows\System32\ff_vfw.dll
2009-02-13 05:22 . 2009-02-13 05:21 -------- d-----w c:\program files\Common Files\Toshiba Shared
2009-02-13 05:20 . 2009-02-13 05:17 -------- d-----w c:\programdata\Atheros
2009-02-13 05:20 . 2009-02-13 05:20 -------- d-----w c:\program files\Jumpstart
2009-02-13 05:19 . 2009-02-13 05:18 -------- d-----w c:\program files\Atheros
2009-02-13 05:17 . 2009-02-13 05:17 -------- d-----w c:\program files\ltmoh
2009-02-13 05:14 . 2009-02-13 05:14 -------- d-----w c:\programdata\ATI
2009-02-13 04:58 . 2009-02-13 04:58 -------- d-----w c:\program files\Camera Assistant Software for Toshiba
2009-02-13 04:53 . 2009-02-13 04:53 319456 ----a-w c:\windows\DIFxAPI.dll
2009-02-13 04:53 . 2009-02-13 04:53 315392 ----a-w c:\windows\HideWin.exe
2009-02-13 04:53 . 2008-05-14 00:57 -------- d-----w c:\program files\Realtek
2009-02-13 04:51 . 2009-02-13 04:50 -------- d-----w c:\program files\ATI Technologies
2009-02-13 04:48 . 2009-02-13 04:48 -------- d-----w c:\program files\ATI
2009-02-13 04:43 . 2009-02-13 04:43 -------- d-----w c:\program files\Microsoft Office Suite Activation Assistant
2009-02-13 04:38 . 2009-02-13 04:38 -------- d-----w c:\program files\Microsoft.NET
2009-02-13 04:32 . 2009-02-13 04:32 -------- d-----w c:\program files\Microsoft Works
2009-02-09 03:10 . 2009-03-26 17:54 2033152 ----a-w c:\windows\System32\win32k.sys
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-03-07 843776]
"EPSON Stylus CX9400Fax Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATICFA.EXE" [2007-03-23 182272]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-20 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"PCMAgent"="c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-13 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-02-14 184320]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-03-26 177392]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2009-03-26 14088]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 230664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-10-24 1242424]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 c:\windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{14740E99-68DB-4650-8B7B-191D8F6F6EEF}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\PowerCinema.exe:CyberLink PowerCinema
"{0638D1F7-F46A-40B8-950C-9A3EACAD4BA4}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMService.exe:CyberLink PowerCinema Resident Program
"{99D00FD7-E3C0-4E29-89C4-BB41751CC14F}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{2DACAD68-A4DF-4113-8D7F-5391025987EB}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{427B19D7-56EE-46EF-B94C-EC1A9FD574C7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{976115CF-0655-45E6-B8D7-82B8978099E8}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{258FE3F9-1157-4090-A03F-76450A9FA830}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{CCA9F292-A0A6-4A36-996A-CFFBA598FAB0}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{744BD608-BD58-4649-B638-5D439DC47DB9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2628E3F5-F6D9-416A-8B56-A978EAE04D87}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{632CF3E1-E6BF-436F-90AB-89BC711A4049}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{842CDE1A-55DC-43D8-96B8-1628AB407C56}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CC508B8D-51E2-480B-9198-13249B64A43E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{ECA36B1C-3080-4A01-A1A2-DA0764ECE701}c:\\program files\\winmx\\winmx.exe"= UDP:c:\program files\winmx\winmx.exe:WinMX Application
"UDP Query User{1B75A484-CDCC-4AE9-ACE9-3989E1DC21A8}c:\\program files\\winmx\\winmx.exe"= TCP:c:\program files\winmx\winmx.exe:WinMX Application
"TCP Query User{7E946085-A722-41CD-B37D-063143E327F8}c:\\program files\\microsoft office\\office12\\groove.exe"= UDP:c:\program files\microsoft office\office12\groove.exe:Microsoft Office Groove
"UDP Query User{687A6D22-B0D1-4030-BBB5-BAF0597DFF34}c:\\program files\\microsoft office\\office12\\groove.exe"= TCP:c:\program files\microsoft office\office12\groove.exe:Microsoft Office Groove
"TCP Query User{060BE090-AD7D-405B-830C-F4AC4F7F369D}c:\\users\\shannon\\downloads\\keygen_guitar.pro.5.2.exe"= UDP:c:\users\shannon\downloads\keygen_guitar.pro.5.2.exe:keygen_guitar.pro.5.2.exe
"UDP Query User{69437951-6C80-4F61-B3D3-4245C75072DF}c:\\users\\shannon\\downloads\\keygen_guitar.pro.5.2.exe"= TCP:c:\users\shannon\downloads\keygen_guitar.pro.5.2.exe:keygen_guitar.pro.5.2.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger

R3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-06 29744]
R3 IO_Memory;IO_Memory; [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-08-16 189704]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-10-24 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-24 73728]

.
Contents of the 'Scheduled Tasks' folder

2009-04-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-04-11 c:\windows\Tasks\CAAntiSpywareScan_Daily as Shannon at 6 26 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-16 21:10]

2009-04-13 c:\windows\Tasks\User_Feed_Synchronization-{290A22F6-D346-4530-8DD6-498CE0400FC0}.job
- c:\windows\system32\msfeedssync.exe [2008-01-20 22:24]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\VetRedir.dll
FF - ProfilePath - c:\users\Shannon\AppData\Roaming\Mozilla\Firefox\Profiles\5t4dtf65.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.rr.com/index.cfm
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 09:04
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(844)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
.
Completion time: 2009-04-13 9:04
ComboFix-quarantined-files.txt 2009-04-13 13:04
ComboFix2.txt 2009-04-11 20:26

Pre-Run: 224,548,302,848 bytes free
Post-Run: 224,528,572,416 bytes free

314 --- E O F --- 2009-04-12 15:51

Ried · 04-13-2009, 08:18 PM

Quote:

I suspect I got this when I did a utorrent download. I'll never do that again!

It's either from that, winmx downloads, or the crack program you have.

Take a look at these sticky topics as noted in our New Instructions - Read This Before Posting for Malware Removal Help:

Cracked/Illegal Software
Perils of P2P File Sharing.

With the above programs on your system, it's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

**Vista users - right click on the IE icon and run as administrator

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.

Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View scan report at the bottom.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

mouthbre · 04-14-2009, 08:21 AM

Reid,

Believe me, I've learned a valuable lesson! I can almost guarantee that it came from the torrent download, as I noticed the infection the very next day. I can assure you that file sharing and cracks are a thing of the past.

I'm very grateful for the time and effort that you, and others like you, commit to helping others. I will follow your instructions and post the follow up report immediately.

Thank you!

mouthbre · 04-14-2009, 04:16 PM

Thanks again! Here's the report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, April 14, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, April 14, 2009 20:59:22
Records in database: 2044167
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 158940
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:54:22

File name / Threat name / Threats count
C:\Windows\System32\gxvxcmwcxmpgwidsftnxueutdbmfhvrvcntou.dll Infected: Trojan.Win32.Agent2.hoq 1

The selected area was scanned.

Ried · 04-14-2009, 04:27 PM

Hi mouthbre,

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:

Quote:

File::
C:\Windows\System32\gxvxcmwcxmpgwidsftnxueutdbmfhvrvcntou.dll

Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{060BE090-AD7D-405B-830C-F4AC4F7F369D}c:\\users\\shannon\\downloads\\keygen_guitar.pro.5.2.exe"=-
"UDP Query User{69437951-6C80-4F61-B3D3-4245C75072DF}c:\\users\\shannon\\downloads\\keygen_guitar.pro.5.2.exe"=-

Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, post the C:\ComboFix.txt

mouthbre · 04-14-2009, 06:39 PM

ComboFix 09-04-15.03 - Shannon 04/14/2009 20:27.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.2060 [GMT -4:00]
Running from: c:\users\Shannon\Desktop\ComboFix.exe
Command switches used :: c:\users\Shannon\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\System32\gxvxcmwcxmpgwidsftnxueutdbmfhvrvcntou.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gxvxcpqeasuwdmkynptielpcnsqdppxyvrlmy.sys
c:\windows\system32\gxvxccounter
c:\windows\System32\gxvxcmwcxmpgwidsftnxueutdbmfhvrvcntou.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
.

2009-04-15 00:00 . 2009-04-15 00:00 -------- d-----w c:\users\All Users\Kaspersky Lab Setup Files
2009-04-15 00:00 . 2009-04-15 00:00 -------- d-----w c:\programdata\Kaspersky Lab Setup Files
2009-04-14 23:28 . 2009-04-14 23:28 0 ----a-w c:\windows\system32\core
2009-04-14 22:56 . 2009-04-14 22:56 -------- d-----w c:\program files\Audacity
2009-04-14 16:08 . 2009-04-14 16:08 -------- d-----w c:\windows\Sun
2009-04-13 22:13 . 2009-04-13 22:13 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-12 16:08 . 2009-04-12 16:08 -------- d-----w c:\users\Shannon\AppData\Roaming\DriverCure
2009-04-12 16:07 . 2009-04-12 16:11 -------- d-----w c:\users\All Users\DriverCure
2009-04-12 16:07 . 2009-04-12 16:11 -------- d-----w c:\programdata\DriverCure
2009-04-12 16:07 . 2009-04-12 16:07 -------- d-----w c:\users\All Users\ParetoLogic
2009-04-12 16:07 . 2009-04-12 16:07 -------- d-----w c:\programdata\ParetoLogic
2009-04-12 15:51 . 2009-04-12 15:51 -------- d-----w c:\users\Shannon\AppData\Local\WindowsUpdate
2009-04-12 14:35 . 2009-04-12 14:35 -------- d-----w c:\users\Guest\AppData\Roaming\TOSHIBA
2009-04-12 14:35 . 2009-04-12 14:35 -------- d-----w c:\users\Guest\AppData\Roaming\DivX
2009-04-11 23:59 . 2009-04-11 23:59 -------- d-----w c:\users\All Users\Grisoft
2009-04-11 23:59 . 2009-04-11 23:59 -------- d-----w c:\programdata\Grisoft
2009-04-11 23:39 . 2009-04-14 13:52 -------- d-----w c:\users\Shannon\AppData\Local\Adobe
2009-04-11 17:12 . 2009-04-11 20:33 -------- d---a-w c:\users\All Users\TEMP
2009-04-11 17:12 . 2009-04-11 20:33 -------- d---a-w c:\programdata\TEMP
2009-04-10 15:15 . 2009-04-11 22:54 -------- d-----w c:\users\Shannon\AppData\Roaming\Audacity
2009-04-10 03:21 . 2009-04-10 03:21 -------- d-----w c:\users\Shannon\AppData\Roaming\Thinstall
2009-04-10 02:49 . 2009-04-10 15:01 -------- d-----w c:\users\Shannon\AppData\Roaming\uTorrent
2009-04-10 02:26 . 2009-04-10 02:26 -------- d-----w C:\Temp
2009-04-10 00:50 . 2009-04-10 00:50 -------- d-----w c:\users\Shannon\AppData\Roaming\Sony
2009-04-10 00:50 . 2009-04-10 00:50 -------- d-----w c:\users\Shannon\AppData\Local\Sony
2009-04-06 02:18 . 2009-04-06 02:18 -------- d-----w c:\program files\Guitar Pro 5
2009-04-01 03:43 . 2009-04-01 03:43 680 ----a-w c:\users\Shannon\AppData\Local\d3d9caps.dat
2009-03-31 03:53 . 2009-04-11 23:42 -------- dc----w c:\windows\system32\DRVSTORE
2009-03-31 03:51 . 2009-04-11 23:42 -------- d-----w c:\users\All Users\Lavasoft
2009-03-31 03:51 . 2009-04-11 23:42 -------- d-----w c:\programdata\Lavasoft
2009-03-31 03:51 . 2009-04-11 23:42 -------- d-----w c:\program files\Lavasoft
2009-03-29 06:37 . 2009-03-29 06:37 -------- d-----w c:\users\Shannon\AppData\Roaming\InstallShield
2009-03-29 05:49 . 2009-03-29 05:49 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-03-29 05:49 . 2009-03-29 05:49 47360 ----a-w c:\users\Shannon\AppData\Roaming\pcouffin.sys
2009-03-29 05:49 . 2009-04-07 04:05 -------- d-----w c:\users\Shannon\AppData\Roaming\Vso
2009-03-29 05:49 . 2009-03-29 05:49 -------- d-----w c:\program files\DVDFab 5
2009-03-29 05:28 . 2009-03-29 22:08 -------- d---a-r c:\users\Shannon\Union
2009-03-29 04:03 . 2009-03-29 04:03 -------- d-----w c:\program files\MP3Gain
2009-03-29 03:11 . 2009-03-29 03:11 -------- d-----w c:\program files\Power Tab Software
2009-03-29 00:44 . 2009-03-29 00:44 -------- d-----w c:\users\Shannon\AppData\Roaming\Media Player Classic
2009-03-29 00:37 . 2009-03-29 00:37 -------- d-----w c:\program files\CCleaner
2009-03-29 00:15 . 2009-03-29 00:24 -------- d-----w c:\users\All Users\FLEXnet
2009-03-29 00:15 . 2009-03-29 00:24 -------- d-----w c:\programdata\FLEXnet
2009-03-29 00:08 . 2009-03-29 00:08 -------- d-----w c:\program files\Bonjour
2009-03-29 00:04 . 2009-03-29 00:07 -------- d-----w c:\users\All Users\DVD Shrink
2009-03-29 00:04 . 2009-03-29 00:07 -------- d-----w c:\programdata\DVD Shrink
2009-03-29 00:04 . 2009-03-29 00:04 -------- d-----w c:\program files\DVD Shrink
2009-03-28 23:52 . 2009-03-28 23:52 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-03-28 02:07 . 2009-03-29 06:52 -------- d-----w C:\BamFiles
2009-03-28 02:05 . 2009-03-29 21:08 -------- d-----w c:\program files\BadgesV2
2009-03-28 00:36 . 2009-03-28 00:53 -------- d-----w c:\program files\WinMX
2009-03-28 00:33 . 2009-03-28 00:33 -------- d-----w c:\windows\system32\IOSUBSYS
2009-03-28 00:17 . 2009-03-30 19:23 -------- d-----w c:\users\Shannon\AppData\Roaming\Ulead Systems
2009-03-28 00:17 . 2009-04-07 20:55 -------- d-----w c:\users\Shannon\AppData\Roaming\TOSHIBA
2009-03-27 20:23 . 2007-04-18 04:00 67072 ----a-w c:\windows\system32\escwiad.dll
2009-03-27 20:07 . 2009-03-27 20:22 -------- d-----w C:\epson
2009-03-27 19:05 . 2004-09-11 09:12 49152 ----a-w c:\windows\system32\E_DCINST.DLL
2009-03-27 19:05 . 2006-12-08 15:04 76800 ----a-w c:\windows\system32\E_FLBCFP.DLL
2009-03-27 19:05 . 2006-04-19 15:00 62976 ----a-w c:\windows\system32\E_FD4BCFP.DLL
2009-03-27 19:05 . 2009-03-27 20:23 -------- d-----w c:\program files\EPSON
2009-03-27 16:55 . 2006-12-11 20:12 176235 ----a-w c:\windows\system32\Primomonnt.dll
2009-03-27 16:55 . 2009-03-27 16:55 -------- d-----w c:\windows\PrimoPDF4
2009-03-27 16:55 . 2009-03-27 16:55 -------- d-----w c:\program files\activePDF
2009-03-27 13:21 . 1999-12-13 13:01 44032 ------w c:\windows\system32\CTSVCCDA.EXE
2009-03-27 13:21 . 1999-11-18 13:00 25088 ------w c:\windows\system32\CTSVCCTL.EXE
2009-03-27 13:20 . 2009-03-27 13:20 -------- d-----w c:\program files\Common Files\Creative
2009-03-27 13:20 . 2009-03-27 13:24 -------- d--h--w c:\program files\Creative Installation Information
2009-03-27 13:19 . 2009-03-27 13:22 -------- d-----w c:\program files\Creative
2009-03-27 13:03 . 2009-03-27 13:03 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-03-27 04:36 . 2009-03-27 20:14 -------- d-----w c:\users\All Users\EPSON
2009-03-27 04:36 . 2009-03-27 20:14 -------- d-----w c:\programdata\EPSON
2009-03-27 00:01 . 2009-03-27 00:01 -------- d-----w c:\users\Shannon\AppData\Local\Qurb4
2009-03-26 23:26 . 2009-03-26 23:26 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-03-26 23:23 . 2009-03-26 23:23 -------- d-----w c:\program files\Netflix
2009-03-26 21:25 . 2009-04-15 00:06 -------- d-----w c:\users\All Users\CA
2009-03-26 21:25 . 2009-04-15 00:06 -------- d-----w c:\programdata\CA
2009-03-26 20:59 . 2009-03-29 23:59 -------- d-----w c:\users\Shannon\AppData\Roaming\CyberLink
2009-03-26 20:59 . 2009-03-26 20:59 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-03-26 20:08 . 2009-03-26 20:08 376 ----a-w c:\windows\ODBC.INI
2009-03-26 20:08 . 2006-10-26 23:58 30512 ----a-w c:\windows\system32\mdimon.dll
2009-03-26 19:48 . 2009-03-26 19:48 -------- d-----w c:\users\Shannon\AppData\Roaming\WinBatch
2009-03-26 19:33 . 2009-04-11 15:38 -------- d-----w c:\users\Shannon\AppData\Local\Microsoft Help
2009-03-26 19:23 . 2009-04-12 14:57 2838 ----a-w c:\windows\machine.ver
2009-03-26 19:23 . 2009-04-12 14:57 67 ----a-w c:\windows\swupdate.INI
2009-03-26 18:46 . 2009-03-26 18:46 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-03-26 18:23 . 2008-10-22 01:22 2048 ----a-w c:\windows\system32\tzres.dll
2009-03-26 18:07 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-03-26 18:07 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-26 18:07 . 2008-06-20 01:14 37384 ----a-w c:\windows\system32\infocardcpl.cpl
2009-03-26 18:07 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-03-26 18:07 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll
2009-03-26 18:07 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe
2009-03-26 18:07 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-03-26 18:07 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-03-26 18:01 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll
2009-03-26 18:01 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-03-26 18:01 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll
2009-03-26 18:00 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll
2009-03-26 18:00 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll
2009-03-26 17:58 . 2009-01-15 06:11 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-26 17:58 . 2009-01-15 03:36 1383424 ----a-w c:\windows\system32\mshtml.tlb
2009-03-26 17:58 . 2008-06-19 03:31 361984 ----a-w c:\windows\system32\IPSECSVC.DLL
2009-03-26 17:57 . 2008-06-26 01:45 12240896 ----a-w c:\windows\system32\NlsLexicons0007.dll
2009-03-26 17:57 . 2008-06-26 01:45 2644480 ----a-w c:\windows\system32\NlsLexicons0009.dll
2009-03-26 17:56 . 2008-06-26 03:29 801280 ----a-w c:\windows\system32\NaturalLanguage6.dll
2009-03-26 17:54 . 2008-04-10 05:12 738304 ----a-w c:\windows\system32\inetcomm.dll
2009-03-26 17:52 . 2008-04-26 08:08 1314816 ----a-w c:\windows\system32\quartz.dll
2009-03-26 17:51 . 2008-10-21 05:25 1645568 ----a-w c:\windows\system32\connect.dll
2009-03-26 17:47 . 2008-09-10 03:40 1334272 ----a-w c:\windows\system32\msxml6.dll
2009-03-26 17:41 . 2009-03-26 17:41 -------- d-----w c:\users\Shannon\AppData\Local\Mozilla
2009-03-26 17:41 . 2008-10-16 21:13 1809944 ----a-w c:\windows\system32\wuaueng.dll
2009-03-26 17:41 . 2008-10-16 21:09 51224 ----a-w c:\windows\system32\wuauclt.exe
2009-03-26 17:41 . 2008-10-16 21:09 43544 ----a-w c:\windows\system32\wups2.dll
2009-03-26 17:41 . 2008-10-16 20:56 1524736 ----a-w c:\windows\system32\wucltux.dll
2009-03-26 17:40 . 2008-10-16 21:12 561688 ----a-w c:\windows\system32\wuapi.dll
2009-03-26 17:40 . 2008-10-16 21:08 34328 ----a-w c:\windows\system32\wups.dll
2009-03-26 17:40 . 2008-10-16 20:55 83456 ----a-w c:\windows\system32\wudriver.dll
2009-03-26 17:40 . 2008-10-16 18:08 162064 ----a-w c:\windows\system32\wuwebv.dll
2009-03-26 17:40 . 2008-10-16 17:56 31232 ----a-w c:\windows\system32\wuapp.exe
2009-03-26 17:37 . 2009-03-26 17:37 -------- d-----w c:\users\Shannon\AppData\Local\Toshiba
2009-03-26 17:37 . 2009-04-11 16:54 -------- d-----w c:\users\Shannon\AppData\Local\Google
2009-03-26 17:37 . 2009-03-26 17:37 -------- d-----w c:\users\Shannon\AppData\Roaming\ATI
2009-03-26 17:37 . 2009-03-26 17:37 -------- d-----w c:\users\Shannon\AppData\Local\ATI
2009-03-26 17:37 . 2009-04-06 02:52 115192 ----a-w c:\users\Shannon\AppData\Local\GDIPFONTCACHEV1.DAT
2009-03-26 17:37 . 2009-03-26 20:59 -------- d-----w c:\users\Shannon\AppData\Local\PowerCinema

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 00:06 . 2009-03-26 21:25 47204 ----a-w C:\caisslog.txt
2009-04-15 00:06 . 2009-04-15 00:06 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2009-04-15 00:06 . 2009-04-15 00:06 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2009-04-14 13:37 . 2009-02-13 04:31 16384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2009-04-14 13:37 . 2009-02-13 04:31 16384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2009-04-14 13:37 . 2009-02-13 04:31 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2009-04-13 21:48 . 2009-02-13 04:37 -------- d-----w c:\programdata\Microsoft Help
2009-04-12 15:51 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-12 15:51 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-04-12 15:51 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-12 14:34 . 2009-04-12 14:34 115192 ----a-w c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-12 14:34 . 2009-04-12 14:34 -------- d-----w c:\users\Guest\AppData\Roaming\Grisoft
2009-04-12 14:34 . 2009-04-12 14:34 -------- d-----w c:\users\Guest\AppData\Roaming\ATI
2009-04-11 17:53 . 2008-05-06 18:35 -------- d-----w c:\program files\Google
2009-04-01 03:55 . 2009-03-31 04:16 1678 ----a-w C:\aaw7boot.log
2009-03-29 06:38 . 2008-05-06 18:26 -------- d-----w c:\programdata\Toshiba
2009-03-29 06:38 . 2008-05-06 18:15 -------- d-----w c:\program files\Toshiba
2009-03-29 06:38 . 2008-05-06 18:20 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-29 05:02 . 2009-03-29 05:00 -------- d-----w c:\program files\K-Lite Codec Pack
2009-03-29 02:29 . 2008-05-13 17:26 -------- d-----w c:\program files\Common Files\Adobe
2009-03-26 23:42 . 2006-11-02 12:37 -------- d-----w c:\program files\MSBuild
2009-03-26 21:26 . 2009-03-26 21:26 35714 ----a-w C:\caavsetupLog.txt
2009-03-26 20:59 . 2008-05-06 18:28 -------- d-----w c:\programdata\CyberLink
2009-03-26 20:57 . 2008-05-06 20:41 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-26 18:35 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-03-26 18:34 . 2006-11-02 10:25 665600 ----a-w c:\windows\Inf\drvindex.dat
2009-03-26 17:36 . 2009-03-26 17:36 14 --sh--r c:\windows\system32\drivers\fbd.sys
2009-03-26 17:36 . 2009-03-26 17:36 14 --sh--r c:\windows\System32\drivers\fbd.sys
2009-03-26 17:36 . 2009-03-26 17:36 4 --sh--r c:\windows\System32\drivers\taishop.sys
2009-03-26 17:36 . 2009-03-26 17:36 4 --sh--r c:\windows\system32\drivers\taishop.sys
2009-03-06 13:06 . 2009-03-06 13:06 140800 ----a-w c:\windows\system32\drivers\Rtlh86.sys
2009-03-05 10:54 . 2009-03-05 10:54 73728 ----a-w c:\windows\System32\RtNicProp32.dll
2009-03-02 18:10 . 2009-03-29 05:00 67584 ----a-w c:\windows\System32\ff_vfw.dll
2009-02-13 04:53 . 2009-02-13 04:53 319456 ----a-w c:\windows\DIFxAPI.dll
2009-02-13 04:53 . 2009-02-13 04:53 315392 ----a-w c:\windows\HideWin.exe
2009-02-09 03:10 . 2009-03-26 17:54 2033152 ----a-w c:\windows\System32\win32k.sys
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-04-13_ 9.04.15.70 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-04-15 00:07 57708 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-04-15 00:08 88160 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-13 04:31 . 2009-04-12 14:34 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-13 04:31 . 2009-04-14 13:37 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-13 04:31 . 2009-04-14 13:37 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-13 04:31 . 2009-04-12 14:34 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-13 04:31 . 2009-04-14 13:37 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-13 04:31 . 2009-04-12 14:34 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-13 04:40 . 2009-02-13 04:40 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2009-04-13 21:45 . 2009-04-13 21:45 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2009-02-13 04:39 . 2009-02-13 04:40 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-02-13 04:39 . 2009-04-13 21:48 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-02-13 04:39 . 2009-04-13 21:48 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-02-13 04:39 . 2009-02-13 04:40 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-13 04:39 . 2009-04-13 21:48 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-02-13 04:39 . 2009-02-13 04:40 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-03-26 23:45 . 2009-04-13 21:48 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-03-26 23:45 . 2009-03-26 23:45 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-03-26 23:45 . 2009-04-13 21:48 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-03-26 23:45 . 2009-03-26 23:45 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-03-26 23:45 . 2009-03-26 23:45 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-03-26 23:45 . 2009-04-13 21:48 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-04-13 21:47 . 2009-04-13 21:47 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2009-02-13 04:40 . 2009-02-13 04:40 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2006-10-27 05:07 . 2006-10-27 05:07 67920 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.4518\PXBCOM.EXE
+ 2007-08-24 09:14 . 2007-08-24 09:14 13712 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\XLCALL32.DLL
+ 2007-08-23 05:19 . 2007-08-23 05:19 79776 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\TWSTRUCT.DLL
+ 2007-08-23 05:19 . 2007-08-23 05:19 22416 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\TWRECS.DLL
+ 2007-08-23 05:19 . 2007-08-23 05:19 54152 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\TWRECE.DLL
+ 2007-08-23 05:19 . 2007-08-23 05:19 30096 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\TWORIENT.DLL
+ 2007-08-23 05:19 . 2007-08-23 05:19 60800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\TWLAY32.DLL
+ 2007-08-23 05:19 . 2007-08-23 05:19 90504 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\TWCUTLIN.DLL
+ 2007-08-23 05:19 . 2007-08-23 05:19 32608 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\THOCRAPI.DLL
+ 2007-08-23 05:19 . 2007-08-23 05:19 22416 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\REVERSE.DLL
+ 2007-08-24 09:50 . 2007-08-24 09:50 41832 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\REFEDIT.DLL
+ 2007-08-23 05:19 . 2007-08-23 05:19 79784 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\PSOM.DLL
+ 2007-08-24 07:37 . 2007-08-24 07:37 68464 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\NAME.DLL
+ 2007-08-24 09:50 . 2007-08-24 09:50 29576 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\MSOEURO.DLL
+ 2007-08-29 03:20 . 2007-08-29 03:20 17304 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\MSOCFU.DLL
+ 2007-08-23 05:19 . 2007-08-23 05:19 78728 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\FORM.DLL
+ 2007-08-24 07:46 . 2007-08-24 07:46 58760 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACERCLR.DLL
+ 2007-08-24 07:46 . 2007-08-24 07:46 17800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACEODTXT.DLL
+ 2007-08-24 07:46 . 2007-08-24 07:46 17800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACEODPDX.DLL
+ 2007-08-24 07:46 . 2007-08-24 07:46 17800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACEODEXL.DLL
+ 2007-08-24 07:46 . 2007-08-24 07:46 17800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACEODDBS.DLL
+ 2007-08-29 03:22 . 2007-08-29 03:22 50616 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACEERR.DLL
+ 2007-08-24 09:14 . 2007-08-24 09:14 13712 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\XLCALL32.DLL
+ 2006-10-27 05:17 . 2006-10-27 05:17 11072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XLCALL32.DLL
+ 2006-10-27 23:11 . 2006-10-27 23:11 21264 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2006-10-26 22:04 . 2006-10-26 22:04 76624 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWSTRUCT.DLL
+ 2006-10-26 22:04 . 2006-10-26 22:04 19784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWRECS.DLL
+ 2006-10-26 22:04 . 2006-10-26 22:04 51008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWRECE.DLL
+ 2006-10-26 22:04 . 2006-10-26 22:04 27456 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWORIENT.DLL
+ 2006-10-26 22:04 . 2006-10-26 22:04 58168 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWLAY32.DLL
+ 2006-10-26 22:05 . 2006-10-26 22:05 86840 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWCUTLIN.DLL
+ 2006-10-26 22:04 . 2006-10-26 22:04 29976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\THOCRAPI.DLL
+ 2006-10-26 22:04 . 2006-10-26 22:04 19784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REVERSE.DLL
+ 2006-10-27 05:13 . 2006-10-27 05:13 38168 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REFEDIT.DLL
+ 2006-10-26 22:05 . 2006-10-26 22:05 77144 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSOM.DLL
+ 2006-10-27 19:16 . 2006-10-27 19:16 46864 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
+ 2006-10-27 04:24 . 2006-10-27 04:24 72504 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONFILTER.DLL
+ 2006-10-27 04:24 . 2006-10-27 04:24 98632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTEM.EXE
+ 2006-10-27 04:12 . 2006-10-27 04:12 65824 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\NAME.DLL
+ 2006-10-27 05:13 . 2006-10-27 05:13 26936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOEURO.DLL
+ 2006-10-27 03:48 . 2006-10-27 03:48 14664 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCFU.DLL
+ 2006-10-27 01:18 . 2006-10-27 01:18 66880 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSAEXP30.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 35112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESYSTEMMODE.DLL
+ 2006-10-27 04:47 . 2006-10-27 04:47 16688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESTDURLLAUNCHER.EXE
+ 2006-10-27 04:47 . 2006-10-27 04:47 22808 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVENEW.DLL
+ 2006-10-27 04:47 . 2006-10-27 04:47 31016 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMONITOR.EXE
+ 2006-10-27 04:47 . 2006-10-27 04:47 33568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECLEAN.EXE
+ 2006-10-27 19:37 . 2006-10-27 19:37 34088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUTOPROXY.DLL
+ 2006-10-27 04:47 . 2006-10-27 04:47 65824 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUDITSERVICE.EXE
+ 2006-10-26 22:04 . 2006-10-26 22:04 75576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FORM.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 87344 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DLGSETP.DLL
+ 2006-10-27 01:30 . 2006-10-27 01:30 65312 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\COLLIMP.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 56120 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACERCLR.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
+ 2006-10-27 23:00 . 2006-10-27 23:00 47976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEERR.DLL
+ 2007-08-24 09:00 . 2007-08-24 09:00 72096 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\PXBCOM.EXE
+ 2009-03-26 17:37 . 2009-04-15 00:08 7434 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3169810899-1096573336-388735925-1000_UserData.bin
+ 2009-04-15 00:06 . 2009-04-15 00:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-13 12:51 . 2009-04-13 12:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-04-15 00:06 . 2009-04-15 00:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-04-13 12:51 . 2009-04-13 12:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-26 17:57 . 2009-04-14 15:15 277076 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-03-26 20:08 . 2007-08-24 07:39 796032 c:\windows\System32\spool\drivers\w32x86\mdigraph.dll
+ 2009-03-26 20:08 . 2007-08-24 07:39 796032 c:\windows\System32\spool\drivers\w32x86\3\mdigraph.dll
+ 2006-11-02 10:33 . 2009-04-15 00:11 598588 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-04-15 00:11 102194 c:\windows\System32\perfc009.dat
- 2006-11-02 12:43 . 2009-04-13 12:47 262144 c:\windows\System32\config\systemprofile\ntuser.dat
+ 2006-11-02 12:43 . 2009-04-15 00:27 262144 c:\windows\System32\config\systemprofile\ntuser.dat
- 2006-11-02 12:47 . 2009-04-13 13:00 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2006-11-02 12:47 . 2009-04-15 00:07 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2006-11-02 12:47 . 2009-04-13 13:00 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2006-11-02 12:47 . 2009-04-15 00:06 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-02-13 04:39 . 2009-02-13 04:40 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-13 04:39 . 2009-04-13 21:48 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-13 04:39 . 2009-04-13 21:48 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2009-02-13 04:39 . 2009-02-13 04:40 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-02-13 04:39 . 2009-04-13 21:48 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2009-02-13 04:39 . 2009-02-13 04:40 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2009-02-13 04:39 . 2009-04-13 21:48 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2009-02-13 04:39 . 2009-02-13 04:40 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-04-13 21:46 . 2009-04-13 21:46 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2009-02-13 04:37 . 2009-02-13 04:37 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2009-03-26 23:45 . 2009-03-26 23:45 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-03-26 23:45 . 2009-04-13 21:48 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-03-26 23:45 . 2009-04-13 21:48 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-03-26 23:45 . 2009-03-26 23:45 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-03-26 23:45 . 2009-04-13 21:48 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-03-26 23:45 . 2009-03-26 23:45 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-03-26 23:45 . 2009-03-26 23:45 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-03-26 23:45 . 2009-04-13 21:48 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-03-26 23:45 . 2009-03-26 23:45 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-03-26 23:45 . 2009-04-13 21:48 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-03-26 23:45 . 2009-04-13 21:48 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-03-26 23:45 . 2009-03-26 23:45 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-03-26 23:45 . 2009-04-13 21:48 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-03-26 23:45 . 2009-03-26 23:45 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2007-08-23 05:19 . 2007-08-23 05:19 535448 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\XPAGE3C.DLL
+ 2007-08-29 03:16 . 2007-08-29 03:16 350064 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\WINWORD.EXE
+ 2007-08-23 05:19 . 2007-08-23 05:19 129936 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\TWCUTCHR.DLL
+ 2007-09-02 05:55 . 2007-09-02 05:55 442240 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\SETUP.EXE
+ 2007-09-06 21:55 . 2007-09-06 21:55 505752 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\SELFCERT.EXE
+ 2007-08-29 03:06 . 2007-08-29 03:06 467840 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\POWERPNT.EXE
+ 2007-09-06 21:50 . 2007-09-06 21:50 485232 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\PORTCONN.DLL
+ 2007-06-07 23:51 . 2007-06-07 23:51 465800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\OUTLFLTR.DLL
+ 2007-08-29 04:31 . 2007-08-29 04:31 785352 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ONSYNCPC.DLL
+ 2007-08-29 04:49 . 2007-08-29 04:49 667544 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ONBTTNOL.DLL
+ 2007-08-24 08:06 . 2007-08-24 08:06 288152 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\OISGRAPH.DLL
+ 2007-08-24 08:06 . 2007-08-24 08:06 277384 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\OIS.EXE
+ 2007-09-02 05:55 . 2007-09-02 05:55 235456 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ODEPLOY.EXE
+ 2007-08-29 04:46 . 2007-08-29 04:46 542568 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\MSTORES.DLL
+ 2007-08-29 04:45 . 2007-08-29 04:45 835952 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\MSTORDB.EXE
+ 2007-08-23 05:12 . 2007-08-23 05:12 507768 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\MSSOAP30.DLL
+ 2007-08-24 07:40 . 2007-08-24 07:40 674664 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\MSQRY32.EXE
+ 2007-08-29 04:18 . 2007-08-29 04:18 439160 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\MSORUN.DLL
+ 2007-09-06 21:55 . 2007-09-06 21:55 431456 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\MSODCW.DLL
+ 2007-08-29 03:20 . 2007-08-29 03:20 163712 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\MSOCF.DLL
+ 2007-08-29 04:52 . 2007-08-29 04:52 120704 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\MSCONV97.DLL
+ 2007-08-29 04:45 . 2007-08-29 04:45 831856 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\MEDCAT.DLL
+ 2007-08-24 07:36 . 2007-08-24 07:36 175968 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\IEAWSDC.DLL
+ 2007-08-29 03:45 . 2007-08-29 03:45 985496 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\FPWEC.DLL
+ 2007-08-24 07:18 . 2007-08-24 07:18 437160 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\DWTRIG20.EXE
+ 2007-08-24 07:36 . 2007-08-24 07:36 192400 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\CONTACTPICKER.DLL
+ 2007-08-24 07:45 . 2007-08-24 07:45 208256 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\CLVIEW.EXE
+ 2007-08-29 04:53 . 2007-08-29 04:53 402784 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\CDLMSO.DLL
+ 2007-08-24 07:46 . 2007-08-24 07:46 374200 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACEXBE.DLL
+ 2007-08-24 07:46 . 2007-08-24 07:46 226744 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACETXT.DLL
+ 2007-08-24 07:46 . 2007-08-24 07:46 554440 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACEREP.DLL
+ 2007-08-24 07:46 . 2007-08-24 07:46 292288 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACER3X.DLL
+ 2007-08-24 07:46 . 2007-08-24 07:46 263616 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACER2X.DLL
+ 2007-08-24 07:46 . 2007-08-24 07:46 394688 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACEPDE.DLL
+ 2007-08-29 03:22 . 2007-08-29 03:22 390600 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACEOLEDB.DLL
+ 2007-08-24 07:46 . 2007-08-24 07:46 281992 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACEODBC.DLL
+ 2007-08-24 07:46 . 2007-08-24 07:46 210368 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACELTS.DLL
+ 2007-08-24 07:46 . 2007-08-24 07:46 632248 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACEEXCL.DLL
+ 2007-08-24 07:46 . 2007-08-24 07:46 341440 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACEEXCH.DLL
+ 2007-08-29 03:22 . 2007-08-29 03:22 193992 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACEES.DLL
+ 2007-08-29 03:22 . 2007-08-29 03:22 579008 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACEDAO.DLL
+ 2007-08-29 03:16 . 2007-08-29 03:16 350064 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WINWORD.EXE
+ 2007-08-24 07:43 . 2007-08-24 07:43 593296 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PUBCONV.DLL
+ 2007-08-29 03:39 . 2007-08-29 03:39 625560 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PTXT9.DLL
+ 2007-08-24 07:43 . 2007-08-24 07:43 138648 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PRTF9.DLL
+ 2009-04-13 21:38 . 2009-04-13 21:38 251272 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PPTPIA.DLL
+ 2007-08-29 03:06 . 2007-08-29 03:06 467840 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\POWERPNT.EXE
+ 2007-08-29 03:38 . 2007-08-29 03:38 500648 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MORPH9.DLL
+ 2006-10-26 22:05 . 2006-10-26 22:05 530760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XPAGE3C.DLL
+ 2009-02-13 04:38 . 2009-02-13 04:38 781104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WORDPIA.DLL
+ 2006-10-27 23:23 . 2006-10-27 23:23 347432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2006-10-26 22:05 . 2006-10-26 22:05 126784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWCUTCHR.DLL
+ 2006-07-28 19:21 . 2006-07-28 19:21 277320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SSGEN.DLL
+ 2006-10-27 01:18 . 2006-10-27 01:18 502608 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SOA.DLL
+ 2006-10-27 04:06 . 2006-10-27 04:06 439600 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SETUP.EXE
+ 2006-10-27 04:13 . 2006-10-27 04:13 503624 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SELFCERT.EXE
+ 2006-10-27 00:55 . 2006-10-27 00:55 272744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST64.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 263520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST32.DLL
+ 2006-10-27 01:42 . 2006-10-27 01:42 744808 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REGFORM.EXE
+ 2006-10-27 00:09 . 2006-10-27 00:09 590144 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PUBCONV.DLL
+ 2006-10-27 19:04 . 2006-10-27 19:04 624456 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PTXT9.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 413472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
+ 2006-10-27 00:09 . 2006-10-27 00:09 136008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PRTF9.DLL
+ 2009-02-13 04:38 . 2009-02-13 04:38 248632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTPIA.DLL
+ 2006-10-27 23:04 . 2006-10-27 23:04 465200 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\POWERPNT.EXE
+ 2006-10-27 05:30 . 2006-10-27 05:30 482088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PORTCONN.DLL
+ 2006-10-27 19:16 . 2006-10-27 19:16 176976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLPH.DLL
+ 2006-10-27 19:16 . 2006-10-27 19:16 594256 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
+ 2006-07-27 02:53 . 2006-07-27 02:53 459080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
+ 2006-10-26 17:58 . 2006-10-26 17:58 540008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ORGCHART.EXE
+ 2006-10-27 04:23 . 2006-10-27 04:23 782720 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONSYNCPC.DLL
+ 2006-10-27 23:39 . 2006-10-27 23:39 687432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNOL.DLL
+ 2006-10-27 04:32 . 2006-10-27 04:32 604000 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNIE.DLL
+ 2006-10-27 00:34 . 2006-10-27 00:34 192848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSXP32.DLL
+ 2006-10-27 00:34 . 2006-10-27 00:34 660792 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
+ 2006-10-27 04:00 . 2006-10-27 04:00 285008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
+ 2006-10-27 04:00 . 2006-10-27 04:00 998208 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISAPP.DLL
+ 2006-10-27 04:00 . 2006-10-27 04:00 274744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OIS.EXE
+ 2006-10-27 04:06 . 2006-10-27 04:06 232816 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
+ 2006-10-27 03:55 . 2006-10-27 03:55 538904 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORES.DLL
+ 2006-10-27 03:55 . 2006-10-27 03:55 832800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORDB.EXE
+ 2006-10-26 21:56 . 2006-10-26 21:56 505136 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
+ 2006-10-27 03:50 . 2006-10-27 03:50 672024 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSQRY32.EXE
+ 2006-10-26 23:58 . 2006-10-26 23:58 772944 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPFILT.DLL
+ 2006-10-26 21:56 . 2006-10-26 21:56 436520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORUN.DLL
+ 2006-10-27 04:12 . 2006-10-27 04:12 428816 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSODCW.DLL
+ 2006-10-27 22:59 . 2006-10-27 22:59 161080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCF.DLL
+ 2007-03-22 17:03 . 2007-03-22 17:03 117552 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSCONV97.DLL
+ 2006-10-27 19:04 . 2006-10-27 19:04 497504 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MORPH9.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 340248 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
+ 2006-10-27 03:55 . 2006-10-27 03:55 828704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MEDCAT.DLL
+ 2006-10-26 23:58 . 2006-10-26 23:58 274776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MDIINK.DLL
+ 2006-10-26 23:58 . 2006-10-26 23:58 793392 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MDIGRAPH.DLL
+ 2009-03-26 23:42 . 2009-03-26 23:42 118112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOMINT.DLL
+ 2009-03-26 23:42 . 2009-03-26 23:42 609104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOMHOST.DLL
+ 2006-10-27 01:42 . 2006-10-27 01:42 176976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOLK.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 138024 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
+ 2006-10-27 04:12 . 2006-10-27 04:12 173328 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 631080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBSERVICES.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 572216 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBPLATFORMSERVICES.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 268080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBBROWSERTOOL2.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 955680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEUTIL.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 222512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESYSTEMSERVICES.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 363304 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESKETCHTOOL.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 224048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEPROJECTTOOLSET.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 317736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMIGRATOR.EXE
+ 2006-10-27 04:48 . 2006-10-27 04:48 197920 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEGAMES.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 284976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEFETCHSERVICES.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 377136 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEDATAVIEWERTOOL.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 768304 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMPONENTMGR.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 117584 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMUNICATIONSSTATUSANDCONTROL.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 300336 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECALENDARTOOL.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 284448 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUDIO.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 338216 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVE.EXE
+ 2006-10-27 23:09 . 2006-10-27 23:09 983376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPWEC.DLL
+ 2006-10-27 03:48 . 2006-10-27 03:48 434528 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
+ 2006-10-27 04:48 . 2006-10-27 04:48 234784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DRAT.EXE
+ 2006-10-27 04:12 . 2006-10-27 04:12 189760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
+ 2006-10-27 19:16 . 2006-10-27 19:16 133936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTAB32.DLL
+ 2006-10-27 03:59 . 2006-10-27 03:59 205616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CLVIEW.EXE
+ 2006-10-27 23:41 . 2006-10-27 23:41 399640 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CDLMSO.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 371568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEXBE.DLL
+ 2006-10-27 19:40 . 2006-10-27 19:40 208760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEWSS.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 224104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACETXT.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 551800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEREP.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 289648 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER3X.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 260976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER2X.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 392048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEPDE.DLL
+ 2006-10-27 23:00 . 2006-10-27 23:00 387960 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 279352 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODBC.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 207736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACELTS.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 629616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 338800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
+ 2006-10-27 23:00 . 2006-10-27 23:00 191360 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEES.DLL
+ 2006-10-27 23:00 . 2006-10-27 23:00 576376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEDAO.DLL
+ 2006-10-27 01:18 . 2006-10-27 01:18 162616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACCWIZ.DLL
+ 2006-10-27 19:00 . 2006-10-27 19:00 576376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACACEDAO.DLL
+ 2006-10-27 04:12 . 2006-10-27 04:12 396592 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.4518\MOC.EXE
+ 2009-04-13 21:38 . 2009-04-13 21:38 611392 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
+ 2009-04-13 21:38 . 2009-04-13 21:38 120408 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2009-04-13 21:38 . 2009-04-13 21:38 783744 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2009-04-13 21:42 . 2009-04-13 21:42 250928 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2007-08-23 05:03 . 2007-08-23 05:03 1195888 c:\windows\System32\FM20.DLL
- 2009-02-13 05:30 . 2009-04-13 12:50 1142608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-02-13 05:30 . 2009-04-15 00:05 1142608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-02-13 04:39 . 2009-04-13 21:48 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-02-13 04:39 . 2009-02-13 04:40 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-03-26 23:45 . 2009-04-13 21:48 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-03-26 23:45 . 2009-03-26 23:45 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-03-26 23:45 . 2009-04-13 21:48 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2009-03-26 23:45 . 2009-03-26 23:45 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2006-10-27 05:08 . 2006-10-27 05:08 1764112 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.4518\PPCNV.DLL
+ 2006-10-27 23:18 . 2006-10-27 23:18 1658152 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.4518\OGL.DLL
+ 2006-10-27 04:42 . 2006-10-27 04:42 8423224 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2007-08-23 05:19 . 2007-08-23 05:19 1198496 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\XIMAGE3B.DLL
+ 2007-08-24 11:10 . 2007-08-24 11:10 3735424 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\VVIEWER.DLL
+ 2007-08-24 11:10 . 2007-08-24 11:10 1846160 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\VVIEWDWG.DLL
+ 2007-06-28 00:58 . 2007-06-28 00:58 2585936 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\VBE6.DLL
+ 2007-08-29 03:28 . 2007-08-29 03:28 2330024 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\STSLIST.DLL
+ 2007-08-29 04:38 . 2007-08-29 04:38 2016656 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\PPTVIEW.EXE
+ 2007-08-29 03:06 . 2007-08-29 03:06 7990144 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\PPCORE.DLL
+ 2007-09-02 05:55 . 2007-09-02 05:55 6540656 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\OSETUP.DLL
+ 2007-08-24 08:06 . 2007-08-24 08:06 1000848 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\OISAPP.DLL
+ 2007-08-29 04:19 . 2007-08-29 04:19 1654648 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\OGL.DLL
+ 2007-08-29 04:37 . 2007-08-29 04:37 7039888 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\OFFOWC.DLL
+ 2007-10-02 23:51 . 2007-10-02 23:51 8436776 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\OARTCONV.DLL
+ 2007-08-28 00:20 . 2007-08-28 00:20 6637960 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\MSORES.DLL
+ 2007-10-06 00:31 . 2007-10-06 00:31 5287984 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\IPEDITOR.DLL
+ 2007-10-02 23:45 . 2007-10-02 23:45 2530864 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\GRAPH.EXE
+ 2007-08-25 23:11 . 2007-08-25 23:11 1685896 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\FPSRVUTL.DLL
+ 2007-08-23 05:03 . 2007-08-23 05:03 1195888 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\FM20.DLL
+ 2007-08-29 03:22 . 2007-08-29 03:22 1754536 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACECORE.DLL
+ 2007-08-29 04:38 . 2007-08-29 04:38 2016656 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PPTVIEW.EXE
+ 2007-08-29 03:06 . 2007-08-29 03:06 7990144 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PPCORE.DLL
+ 2007-08-29 04:19 . 2007-08-29 04:19 1654648 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OGL.DLL
+ 2007-10-02 23:51 . 2007-10-02 23:51 8436776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OARTCONV.DLL
+ 2007-08-29 03:38 . 2007-08-29 03:38 9584512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSPUB.EXE
+ 2006-10-26 22:05 . 2006-10-26 22:05 1181520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XIMAGE3B.DLL
+ 2006-10-27 23:11 . 2006-10-27 23:11 4235560 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 06:58 . 2006-10-27 06:58 3732792 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VVIEWER.DLL
+ 2006-10-27 07:00 . 2006-10-27 07:00 1841984 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL
+ 2006-09-30 08:42 . 2006-09-30 08:42 2583344 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VBE6.DLL
+ 2006-10-27 22:57 . 2006-10-27 22:57 2330968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\STSLIST.DLL
+ 2006-10-27 23:04 . 2006-10-27 23:04 7980848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPCORE.DLL
+ 2006-09-16 00:25 . 2006-09-16 00:25 3611416 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2006-10-27 23:03 . 2006-10-27 23:03 6579512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONMAIN.DLL
+ 2006-10-27 04:24 . 2006-10-27 04:24 1165112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONLIBS.DLL
+ 2006-10-27 23:03 . 2006-10-27 23:03 1018664 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTE.EXE
+ 2006-10-27 19:16 . 2006-10-27 19:16 2939704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
+ 2006-10-27 04:14 . 2006-10-27 04:14 7033152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFOWC.DLL
+ 2006-10-27 19:04 . 2006-10-27 19:04 9581360 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPUB.EXE
+ 2006-10-26 23:58 . 2006-10-26 23:58 1057632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPCORE.DLL
+ 2006-10-27 04:00 . 2006-10-27 04:00 6635320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORES.DLL
+ 2006-10-27 23:10 . 2006-10-27 23:10 5281592 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
+ 2006-10-27 19:10 . 2006-10-27 19:10 5456704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPDESIGN.DLL
+ 2006-10-27 19:10 . 2006-10-27 19:10 1439032 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\INFOPATH.EXE
+ 2006-10-27 19:37 . 2006-10-27 19:37 1396008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEUIFRAMEWORK.DLL
+ 2006-10-27 19:38 . 2006-10-27 19:38 4746536 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVETRANSCEIVER.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 1163048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVETEXTTOOLS.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 2738472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESTORAGEMGR.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 2210608 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESHELLEXTENSIONS.DLL
+ 2006-10-27 19:38 . 2006-10-27 19:38 7053096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVERESOURCE.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 1555232 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMISC.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 3071288 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEDOCUMENTSHARETOOL.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 1359648 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECRYPTO.DLL
+ 2006-10-27 19:38 . 2006-10-27 19:38 3508544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMUNICATIONSSERVICES.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 2689336 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMONCOMPONENTS.DLL
+ 2006-10-27 19:38 . 2006-10-27 19:38 6191400 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEACCOUNTMGR.DLL
+ 2006-10-27 04:02 . 2006-10-27 04:02 2526520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPH.EXE
+ 2006-10-27 03:21 . 2006-10-27 03:21 1682232 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
+ 2006-10-26 22:10 . 2006-10-26 22:10 1190688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FM20.DLL
+ 2006-10-27 23:00 . 2006-10-27 23:00 1751904 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACECORE.DLL
+ 2007-08-24 09:00 . 2007-08-24 09:00 1767768 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\PPCNV.DLL
+ 2007-08-29 04:19 . 2007-08-29 04:19 1654648 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\OGL.DLL
+ 2007-10-02 23:51 . 2007-10-02 23:51 8436776 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\OARTCONV.DLL
+ 2006-10-27 23:14 . 2006-10-27 23:14 14151456 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.4518\OART.DLL
+ 2007-10-03 00:00 . 2007-10-03 00:00 14708760 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\XL12CNV.EXE
+ 2007-09-06 21:56 . 2007-09-06 21:56 17490800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\WWLIB.DLL
+ 2007-10-06 00:44 . 2007-10-06 00:44 14168600 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\OART.DLL
+ 2007-09-15 01:45 . 2007-09-15 01:45 16901168 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\MSO.DLL
+ 2007-10-06 00:37 . 2007-10-06 00:37 17927192 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\EXCEL.EXE
+ 2007-10-03 00:00 . 2007-10-03 00:00 14708760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\XL12CNV.EXE
+ 2007-09-06 21:56 . 2007-09-06 21:56 17490800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WWLIB.DLL
+ 2007-10-06 00:44 . 2007-10-06 00:44 14168600 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OART.DLL
+ 2007-09-15 01:45 . 2007-09-15 01:45 16901168 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSO.DLL
+ 2007-10-06 00:37 . 2007-10-06 00:37 17927192 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\EXCEL.EXE
+ 2006-10-27 23:23 . 2006-10-27 23:23 17483560 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-27 19:16 . 2006-10-27 19:16 12813096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLOOK.EXE
+ 2006-10-27 19:01 . 2006-10-27 19:01 10371880 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSACCESS.EXE
+ 2006-10-27 23:07 . 2006-10-27 23:07 17891112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2007-09-15 01:45 . 2007-09-15 01:45 16901168 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\MSO.DLL
+ 2006-10-27 05:13 . 2006-10-27 05:13 14674216 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.4518\XL12CNV.EXE
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-03-07 843776]
"EPSON Stylus CX9400Fax Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATICFA.EXE" [2007-03-23 182272]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"PCMAgent"="c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-02-14 184320]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-10-24 1242424]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-08 6037504]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{14740E99-68DB-4650-8B7B-191D8F6F6EEF}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\PowerCinema.exe:CyberLink PowerCinema
"{0638D1F7-F46A-40B8-950C-9A3EACAD4BA4}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMService.exe:CyberLink PowerCinema Resident Program
"{99D00FD7-E3C0-4E29-89C4-BB41751CC14F}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{2DACAD68-A4DF-4113-8D7F-5391025987EB}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{427B19D7-56EE-46EF-B94C-EC1A9FD574C7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{976115CF-0655-45E6-B8D7-82B8978099E8}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{258FE3F9-1157-4090-A03F-76450A9FA830}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{CCA9F292-A0A6-4A36-996A-CFFBA598FAB0}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{744BD608-BD58-4649-B638-5D439DC47DB9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2628E3F5-F6D9-416A-8B56-A978EAE04D87}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{632CF3E1-E6BF-436F-90AB-89BC711A4049}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{842CDE1A-55DC-43D8-96B8-1628AB407C56}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CC508B8D-51E2-480B-9198-13249B64A43E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{ECA36B1C-3080-4A01-A1A2-DA0764ECE701}c:\\program files\\winmx\\winmx.exe"= UDP:c:\program files\winmx\winmx.exe:WinMX Application
"UDP Query User{1B75A484-CDCC-4AE9-ACE9-3989E1DC21A8}c:\\program files\\winmx\\winmx.exe"= TCP:c:\program files\winmx\winmx.exe:WinMX Application
"TCP Query User{7E946085-A722-41CD-B37D-063143E327F8}c:\\program files\\microsoft office\\office12\\groove.exe"= UDP:c:\program files\microsoft office\office12\groove.exe:Microsoft Office Groove
"UDP Query User{687A6D22-B0D1-4030-BBB5-BAF0597DFF34}c:\\program files\\microsoft office\\office12\\groove.exe"= TCP:c:\program files\microsoft office\office12\groove.exe:Microsoft Office Groove

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger

R3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-06 29744]
R3 IO_Memory;IO_Memory; [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-29 20384]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-10-24 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]

.
Contents of the 'Scheduled Tasks' folder

2009-04-14 c:\windows\Tasks\User_Feed_Synchronization-{290A22F6-D346-4530-8DD6-498CE0400FC0}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Shannon\AppData\Roaming\Mozilla\Firefox\Profiles\5t4dtf65.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.rr.com/index.cfm
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-14 20:29
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-15 20:31
ComboFix-quarantined-files.txt 2009-04-15 00:31
ComboFix2.txt 2009-04-13 13:04
ComboFix3.txt 2009-04-11 20:26

Pre-Run: 226,160,386,048 bytes free
Post-Run: 226,307,534,848 bytes free

641 --- E O F --- 2009-04-14 13:41

Ried · 04-14-2009, 09:09 PM

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------

In the event you wish to contribute to the ongoing development of ComboFix, donations can be made via PayPal.

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.

Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?
Think Prevention

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

**Kindly respond one more time and let me know if we may consider this thread resolved.

mouthbre · 04-15-2009, 11:20 AM

Reid,

I think I can safely say we got it. Thank you so much! I've learned a valuable lesson. I'm grateful that there are those out there who are using their talents for good, not evil

I will gladly make a contribution to ComboFix.

Thanks, again.

Shannon

Ried · 04-16-2009, 12:45 AM

You're welcome, Shannon.

Take care and surf safely.

04-11-2009, 01:08 PM	#2 (permalink)
mouthbre Registered User Join Date: Apr 2009 Location: Ohio Posts: 7 OS: Vista Pro Home 32-Bit	Re: Search redirect and Unable to update spyware software, etc. Sorry, I also am unable to do a system restore. A disk error is reported. Thanks

04-12-2009, 07:54 AM	#3 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,969 OS: WinXP and Vista	Re: Search redirect and Unable to update spyware software, etc. Hello mouthbre and welcome, You have a nasty rootkit onboard and this will require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate. Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. It's IMPORTANT to carry out the instructions in the sequence listed below. ************************************************* Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix Link 1 Link 2 Link 3 Note: It is important that it is saved directly to your desktop -------------------------------------------------------------------- 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. -------------------------------------------------------------------- Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt** for further review. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

04-14-2009, 08:21 AM	#6 (permalink)
mouthbre Registered User Join Date: Apr 2009 Location: Ohio Posts: 7 OS: Vista Pro Home 32-Bit	Re: Search redirect and Unable to update spyware software, etc. Reid, Believe me, I've learned a valuable lesson! I can almost guarantee that it came from the torrent download, as I noticed the infection the very next day. I can assure you that file sharing and cracks are a thing of the past. I'm very grateful for the time and effort that you, and others like you, commit to helping others. I will follow your instructions and post the follow up report immediately. Thank you!

04-14-2009, 06:39 PM	#9 (permalink)
mouthbre Registered User Join Date: Apr 2009 Location: Ohio Posts: 7 OS: Vista Pro Home 32-Bit	Re: Search redirect and Unable to update spyware software, etc. ComboFix 09-04-15.03 - Shannon 04/14/2009 20:27.3 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.2060 [GMT -4:00] Running from: c:\users\Shannon\Desktop\ComboFix.exe Command switches used :: c:\users\Shannon\Desktop\CFScript.txt * Created a new restore point FILE :: c:\windows\System32\gxvxcmwcxmpgwidsftnxueutdbmfhvrvcntou.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\gxvxcpqeasuwdmkynptielpcnsqdppxyvrlmy.sys c:\windows\system32\gxvxccounter c:\windows\System32\gxvxcmwcxmpgwidsftnxueutdbmfhvrvcntou.dll . ((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 ))))))))))))))))))))))))))))))) . 2009-04-15 00:00 . 2009-04-15 00:00 -------- d-----w c:\users\All Users\Kaspersky Lab Setup Files 2009-04-15 00:00 . 2009-04-15 00:00 -------- d-----w c:\programdata\Kaspersky Lab Setup Files 2009-04-14 23:28 . 2009-04-14 23:28 0 ----a-w c:\windows\system32\core 2009-04-14 22:56 . 2009-04-14 22:56 -------- d-----w c:\program files\Audacity 2009-04-14 16:08 . 2009-04-14 16:08 -------- d-----w c:\windows\Sun 2009-04-13 22:13 . 2009-04-13 22:13 -------- d-----w c:\program files\Microsoft Silverlight 2009-04-12 16:08 . 2009-04-12 16:08 -------- d-----w c:\users\Shannon\AppData\Roaming\DriverCure 2009-04-12 16:07 . 2009-04-12 16:11 -------- d-----w c:\users\All Users\DriverCure 2009-04-12 16:07 . 2009-04-12 16:11 -------- d-----w c:\programdata\DriverCure 2009-04-12 16:07 . 2009-04-12 16:07 -------- d-----w c:\users\All Users\ParetoLogic 2009-04-12 16:07 . 2009-04-12 16:07 -------- d-----w c:\programdata\ParetoLogic 2009-04-12 15:51 . 2009-04-12 15:51 -------- d-----w c:\users\Shannon\AppData\Local\WindowsUpdate 2009-04-12 14:35 . 2009-04-12 14:35 -------- d-----w c:\users\Guest\AppData\Roaming\TOSHIBA 2009-04-12 14:35 . 2009-04-12 14:35 -------- d-----w c:\users\Guest\AppData\Roaming\DivX 2009-04-11 23:59 . 2009-04-11 23:59 -------- d-----w c:\users\All Users\Grisoft 2009-04-11 23:59 . 2009-04-11 23:59 -------- d-----w c:\programdata\Grisoft 2009-04-11 23:39 . 2009-04-14 13:52 -------- d-----w c:\users\Shannon\AppData\Local\Adobe 2009-04-11 17:12 . 2009-04-11 20:33 -------- d---a-w c:\users\All Users\TEMP 2009-04-11 17:12 . 2009-04-11 20:33 -------- d---a-w c:\programdata\TEMP 2009-04-10 15:15 . 2009-04-11 22:54 -------- d-----w c:\users\Shannon\AppData\Roaming\Audacity 2009-04-10 03:21 . 2009-04-10 03:21 -------- d-----w c:\users\Shannon\AppData\Roaming\Thinstall 2009-04-10 02:49 . 2009-04-10 15:01 -------- d-----w c:\users\Shannon\AppData\Roaming\uTorrent 2009-04-10 02:26 . 2009-04-10 02:26 -------- d-----w C:\Temp 2009-04-10 00:50 . 2009-04-10 00:50 -------- d-----w c:\users\Shannon\AppData\Roaming\Sony 2009-04-10 00:50 . 2009-04-10 00:50 -------- d-----w c:\users\Shannon\AppData\Local\Sony 2009-04-06 02:18 . 2009-04-06 02:18 -------- d-----w c:\program files\Guitar Pro 5 2009-04-01 03:43 . 2009-04-01 03:43 680 ----a-w c:\users\Shannon\AppData\Local\d3d9caps.dat 2009-03-31 03:53 . 2009-04-11 23:42 -------- dc----w c:\windows\system32\DRVSTORE 2009-03-31 03:51 . 2009-04-11 23:42 -------- d-----w c:\users\All Users\Lavasoft 2009-03-31 03:51 . 2009-04-11 23:42 -------- d-----w c:\programdata\Lavasoft 2009-03-31 03:51 . 2009-04-11 23:42 -------- d-----w c:\program files\Lavasoft 2009-03-29 06:37 . 2009-03-29 06:37 -------- d-----w c:\users\Shannon\AppData\Roaming\InstallShield 2009-03-29 05:49 . 2009-03-29 05:49 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys 2009-03-29 05:49 . 2009-03-29 05:49 47360 ----a-w c:\users\Shannon\AppData\Roaming\pcouffin.sys 2009-03-29 05:49 . 2009-04-07 04:05 -------- d-----w c:\users\Shannon\AppData\Roaming\Vso 2009-03-29 05:49 . 2009-03-29 05:49 -------- d-----w c:\program files\DVDFab 5 2009-03-29 05:28 . 2009-03-29 22:08 -------- d---a-r c:\users\Shannon\Union 2009-03-29 04:03 . 2009-03-29 04:03 -------- d-----w c:\program files\MP3Gain 2009-03-29 03:11 . 2009-03-29 03:11 -------- d-----w c:\program files\Power Tab Software 2009-03-29 00:44 . 2009-03-29 00:44 -------- d-----w c:\users\Shannon\AppData\Roaming\Media Player Classic 2009-03-29 00:37 . 2009-03-29 00:37 -------- d-----w c:\program files\CCleaner 2009-03-29 00:15 . 2009-03-29 00:24 -------- d-----w c:\users\All Users\FLEXnet 2009-03-29 00:15 . 2009-03-29 00:24 -------- d-----w c:\programdata\FLEXnet 2009-03-29 00:08 . 2009-03-29 00:08 -------- d-----w c:\program files\Bonjour 2009-03-29 00:04 . 2009-03-29 00:07 -------- d-----w c:\users\All Users\DVD Shrink 2009-03-29 00:04 . 2009-03-29 00:07 -------- d-----w c:\programdata\DVD Shrink 2009-03-29 00:04 . 2009-03-29 00:04 -------- d-----w c:\program files\DVD Shrink 2009-03-28 23:52 . 2009-03-28 23:52 -------- d-----w c:\program files\Common Files\Macrovision Shared 2009-03-28 02:07 . 2009-03-29 06:52 -------- d-----w C:\BamFiles 2009-03-28 02:05 . 2009-03-29 21:08 -------- d-----w c:\program files\BadgesV2 2009-03-28 00:36 . 2009-03-28 00:53 -------- d-----w c:\program files\WinMX 2009-03-28 00:33 . 2009-03-28 00:33 -------- d-----w c:\windows\system32\IOSUBSYS 2009-03-28 00:17 . 2009-03-30 19:23 -------- d-----w c:\users\Shannon\AppData\Roaming\Ulead Systems 2009-03-28 00:17 . 2009-04-07 20:55 -------- d-----w c:\users\Shannon\AppData\Roaming\TOSHIBA 2009-03-27 20:23 . 2007-04-18 04:00 67072 ----a-w c:\windows\system32\escwiad.dll 2009-03-27 20:07 . 2009-03-27 20:22 -------- d-----w C:\epson 2009-03-27 19:05 . 2004-09-11 09:12 49152 ----a-w c:\windows\system32\E_DCINST.DLL 2009-03-27 19:05 . 2006-12-08 15:04 76800 ----a-w c:\windows\system32\E_FLBCFP.DLL 2009-03-27 19:05 . 2006-04-19 15:00 62976 ----a-w c:\windows\system32\E_FD4BCFP.DLL 2009-03-27 19:05 . 2009-03-27 20:23 -------- d-----w c:\program files\EPSON 2009-03-27 16:55 . 2006-12-11 20:12 176235 ----a-w c:\windows\system32\Primomonnt.dll 2009-03-27 16:55 . 2009-03-27 16:55 -------- d-----w c:\windows\PrimoPDF4 2009-03-27 16:55 . 2009-03-27 16:55 -------- d-----w c:\program files\activePDF 2009-03-27 13:21 . 1999-12-13 13:01 44032 ------w c:\windows\system32\CTSVCCDA.EXE 2009-03-27 13:21 . 1999-11-18 13:00 25088 ------w c:\windows\system32\CTSVCCTL.EXE 2009-03-27 13:20 . 2009-03-27 13:20 -------- d-----w c:\program files\Common Files\Creative 2009-03-27 13:20 . 2009-03-27 13:24 -------- d--h--w c:\program files\Creative Installation Information 2009-03-27 13:19 . 2009-03-27 13:22 -------- d-----w c:\program files\Creative 2009-03-27 13:03 . 2009-03-27 13:03 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2009-03-27 04:36 . 2009-03-27 20:14 -------- d-----w c:\users\All Users\EPSON 2009-03-27 04:36 . 2009-03-27 20:14 -------- d-----w c:\programdata\EPSON 2009-03-27 00:01 . 2009-03-27 00:01 -------- d-----w c:\users\Shannon\AppData\Local\Qurb4 2009-03-26 23:26 . 2009-03-26 23:26 -------- d-----w c:\program files\Microsoft Visual Studio 8 2009-03-26 23:23 . 2009-03-26 23:23 -------- d-----w c:\program files\Netflix 2009-03-26 21:25 . 2009-04-15 00:06 -------- d-----w c:\users\All Users\CA 2009-03-26 21:25 . 2009-04-15 00:06 -------- d-----w c:\programdata\CA 2009-03-26 20:59 . 2009-03-29 23:59 -------- d-----w c:\users\Shannon\AppData\Roaming\CyberLink 2009-03-26 20:59 . 2009-03-26 20:59 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2009-03-26 20:08 . 2009-03-26 20:08 376 ----a-w c:\windows\ODBC.INI 2009-03-26 20:08 . 2006-10-26 23:58 30512 ----a-w c:\windows\system32\mdimon.dll 2009-03-26 19:48 . 2009-03-26 19:48 -------- d-----w c:\users\Shannon\AppData\Roaming\WinBatch 2009-03-26 19:33 . 2009-04-11 15:38 -------- d-----w c:\users\Shannon\AppData\Local\Microsoft Help 2009-03-26 19:23 . 2009-04-12 14:57 2838 ----a-w c:\windows\machine.ver 2009-03-26 19:23 . 2009-04-12 14:57 67 ----a-w c:\windows\swupdate.INI 2009-03-26 18:46 . 2009-03-26 18:46 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf 2009-03-26 18:23 . 2008-10-22 01:22 2048 ----a-w c:\windows\system32\tzres.dll 2009-03-26 18:07 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll 2009-03-26 18:07 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2009-03-26 18:07 . 2008-06-20 01:14 37384 ----a-w c:\windows\system32\infocardcpl.cpl 2009-03-26 18:07 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll 2009-03-26 18:07 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll 2009-03-26 18:07 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe 2009-03-26 18:07 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll 2009-03-26 18:07 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe 2009-03-26 18:01 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll 2009-03-26 18:01 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll 2009-03-26 18:01 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll 2009-03-26 18:00 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll 2009-03-26 18:00 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll 2009-03-26 17:58 . 2009-01-15 06:11 827392 ----a-w c:\windows\system32\wininet.dll 2009-03-26 17:58 . 2009-01-15 03:36 1383424 ----a-w c:\windows\system32\mshtml.tlb 2009-03-26 17:58 . 2008-06-19 03:31 361984 ----a-w c:\windows\system32\IPSECSVC.DLL 2009-03-26 17:57 . 2008-06-26 01:45 12240896 ----a-w c:\windows\system32\NlsLexicons0007.dll 2009-03-26 17:57 . 2008-06-26 01:45 2644480 ----a-w c:\windows\system32\NlsLexicons0009.dll 2009-03-26 17:56 . 2008-06-26 03:29 801280 ----a-w c:\windows\system32\NaturalLanguage6.dll 2009-03-26 17:54 . 2008-04-10 05:12 738304 ----a-w c:\windows\system32\inetcomm.dll 2009-03-26 17:52 . 2008-04-26 08:08 1314816 ----a-w c:\windows\system32\quartz.dll 2009-03-26 17:51 . 2008-10-21 05:25 1645568 ----a-w c:\windows\system32\connect.dll 2009-03-26 17:47 . 2008-09-10 03:40 1334272 ----a-w c:\windows\system32\msxml6.dll 2009-03-26 17:41 . 2009-03-26 17:41 -------- d-----w c:\users\Shannon\AppData\Local\Mozilla 2009-03-26 17:41 . 2008-10-16 21:13 1809944 ----a-w c:\windows\system32\wuaueng.dll 2009-03-26 17:41 . 2008-10-16 21:09 51224 ----a-w c:\windows\system32\wuauclt.exe 2009-03-26 17:41 . 2008-10-16 21:09 43544 ----a-w c:\windows\system32\wups2.dll 2009-03-26 17:41 . 2008-10-16 20:56 1524736 ----a-w c:\windows\system32\wucltux.dll 2009-03-26 17:40 . 2008-10-16 21:12 561688 ----a-w c:\windows\system32\wuapi.dll 2009-03-26 17:40 . 2008-10-16 21:08 34328 ----a-w c:\windows\system32\wups.dll 2009-03-26 17:40 . 2008-10-16 20:55 83456 ----a-w c:\windows\system32\wudriver.dll 2009-03-26 17:40 . 2008-10-16 18:08 162064 ----a-w c:\windows\system32\wuwebv.dll 2009-03-26 17:40 . 2008-10-16 17:56 31232 ----a-w c:\windows\system32\wuapp.exe 2009-03-26 17:37 . 2009-03-26 17:37 -------- d-----w c:\users\Shannon\AppData\Local\Toshiba 2009-03-26 17:37 . 2009-04-11 16:54 -------- d-----w c:\users\Shannon\AppData\Local\Google 2009-03-26 17:37 . 2009-03-26 17:37 -------- d-----w c:\users\Shannon\AppData\Roaming\ATI 2009-03-26 17:37 . 2009-03-26 17:37 -------- d-----w c:\users\Shannon\AppData\Local\ATI 2009-03-26 17:37 . 2009-04-06 02:52 115192 ----a-w c:\users\Shannon\AppData\Local\GDIPFONTCACHEV1.DAT 2009-03-26 17:37 . 2009-03-26 20:59 -------- d-----w c:\users\Shannon\AppData\Local\PowerCinema . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-15 00:06 . 2009-03-26 21:25 47204 ----a-w C:\caisslog.txt 2009-04-15 00:06 . 2009-04-15 00:06 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat 2009-04-15 00:06 . 2009-04-15 00:06 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat 2009-04-14 13:37 . 2009-02-13 04:31 16384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat 2009-04-14 13:37 . 2009-02-13 04:31 16384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2009-04-14 13:37 . 2009-02-13 04:31 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2009-04-13 21:48 . 2009-02-13 04:37 -------- d-----w c:\programdata\Microsoft Help 2009-04-12 15:51 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat 2009-04-12 15:51 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat 2009-04-12 15:51 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat 2009-04-12 14:34 . 2009-04-12 14:34 115192 ----a-w c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT 2009-04-12 14:34 . 2009-04-12 14:34 -------- d-----w c:\users\Guest\AppData\Roaming\Grisoft 2009-04-12 14:34 . 2009-04-12 14:34 -------- d-----w c:\users\Guest\AppData\Roaming\ATI 2009-04-11 17:53 . 2008-05-06 18:35 -------- d-----w c:\program files\Google 2009-04-01 03:55 . 2009-03-31 04:16 1678 ----a-w C:\aaw7boot.log 2009-03-29 06:38 . 2008-05-06 18:26 -------- d-----w c:\programdata\Toshiba 2009-03-29 06:38 . 2008-05-06 18:15 -------- d-----w c:\program files\Toshiba 2009-03-29 06:38 . 2008-05-06 18:20 -------- d--h--w c:\program files\InstallShield Installation Information 2009-03-29 05:02 . 2009-03-29 05:00 -------- d-----w c:\program files\K-Lite Codec Pack 2009-03-29 02:29 . 2008-05-13 17:26 -------- d-----w c:\program files\Common Files\Adobe 2009-03-26 23:42 . 2006-11-02 12:37 -------- d-----w c:\program files\MSBuild 2009-03-26 21:26 . 2009-03-26 21:26 35714 ----a-w C:\caavsetupLog.txt 2009-03-26 20:59 . 2008-05-06 18:28 -------- d-----w c:\programdata\CyberLink 2009-03-26 20:57 . 2008-05-06 20:41 -------- d-----w c:\program files\Common Files\Symantec Shared 2009-03-26 18:35 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail 2009-03-26 18:34 . 2006-11-02 10:25 665600 ----a-w c:\windows\Inf\drvindex.dat 2009-03-26 17:36 . 2009-03-26 17:36 14 --sh--r c:\windows\system32\drivers\fbd.sys 2009-03-26 17:36 . 2009-03-26 17:36 14 --sh--r c:\windows\System32\drivers\fbd.sys 2009-03-26 17:36 . 2009-03-26 17:36 4 --sh--r c:\windows\System32\drivers\taishop.sys 2009-03-26 17:36 . 2009-03-26 17:36 4 --sh--r c:\windows\system32\drivers\taishop.sys 2009-03-06 13:06 . 2009-03-06 13:06 140800 ----a-w c:\windows\system32\drivers\Rtlh86.sys 2009-03-05 10:54 . 2009-03-05 10:54 73728 ----a-w c:\windows\System32\RtNicProp32.dll 2009-03-02 18:10 . 2009-03-29 05:00 67584 ----a-w c:\windows\System32\ff_vfw.dll 2009-02-13 04:53 . 2009-02-13 04:53 319456 ----a-w c:\windows\DIFxAPI.dll 2009-02-13 04:53 . 2009-02-13 04:53 315392 ----a-w c:\windows\HideWin.exe 2009-02-09 03:10 . 2009-03-26 17:54 2033152 ----a-w c:\windows\System32\win32k.sys 2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini . ((((((((((((((((((((((((((((( SnapShot@2009-04-13_ 9.04.15.70 ))))))))))))))))))))))))))))))))))))))))) . + 2008-01-21 01:58 . 2009-04-15 00:07 57708 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2006-11-02 13:05 . 2009-04-15 00:08 88160 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2009-02-13 04:31 . 2009-04-12 14:34 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-02-13 04:31 . 2009-04-14 13:37 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-02-13 04:31 . 2009-04-14 13:37 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-02-13 04:31 . 2009-04-12 14:34 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-02-13 04:31 . 2009-04-14 13:37 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-02-13 04:31 . 2009-04-12 14:34 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-02-13 04:40 . 2009-02-13 04:40 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe + 2009-04-13 21:45 . 2009-04-13 21:45 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe - 2009-02-13 04:39 . 2009-02-13 04:40 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe + 2009-02-13 04:39 . 2009-04-13 21:48 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe + 2009-02-13 04:39 . 2009-04-13 21:48 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe - 2009-02-13 04:39 . 2009-02-13 04:40 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe + 2009-02-13 04:39 . 2009-04-13 21:48 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe - 2009-02-13 04:39 . 2009-02-13 04:40 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe + 2009-03-26 23:45 . 2009-04-13 21:48 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe - 2009-03-26 23:45 . 2009-03-26 23:45 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe + 2009-03-26 23:45 . 2009-04-13 21:48 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe - 2009-03-26 23:45 . 2009-03-26 23:45 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe - 2009-03-26 23:45 . 2009-03-26 23:45 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe + 2009-03-26 23:45 . 2009-04-13 21:48 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe + 2009-04-13 21:47 . 2009-04-13 21:47 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe - 2009-02-13 04:40 . 2009-02-13 04:40 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe + 2006-10-27 05:07 . 2006-10-27 05:07 67920 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.4518\PXBCOM.EXE + 2007-08-24 09:14 . 2007-08-24 09:14 13712 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\XLCALL32.DLL + 2007-08-23 05:19 . 2007-08-23 05:19 79776 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\TWSTRUCT.DLL + 2007-08-23 05:19 . 2007-08-23 05:19 22416 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\TWRECS.DLL + 2007-08-23 05:19 . 2007-08-23 05:19 54152 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\TWRECE.DLL + 2007-08-23 05:19 . 2007-08-23 05:19 30096 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\TWORIENT.DLL + 2007-08-23 05:19 . 2007-08-23 05:19 60800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\TWLAY32.DLL + 2007-08-23 05:19 . 2007-08-23 05:19 90504 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\TWCUTLIN.DLL + 2007-08-23 05:19 . 2007-08-23 05:19 32608 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\THOCRAPI.DLL + 2007-08-23 05:19 . 2007-08-23 05:19 22416 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\REVERSE.DLL + 2007-08-24 09:50 . 2007-08-24 09:50 41832 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\REFEDIT.DLL + 2007-08-23 05:19 . 2007-08-23 05:19 79784 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\PSOM.DLL + 2007-08-24 07:37 . 2007-08-24 07:37 68464 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\NAME.DLL + 2007-08-24 09:50 . 2007-08-24 09:50 29576 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\MSOEURO.DLL + 2007-08-29 03:20 . 2007-08-29 03:20 17304 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\MSOCFU.DLL + 2007-08-23 05:19 . 2007-08-23 05:19 78728 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\FORM.DLL + 2007-08-24 07:46 . 2007-08-24 07:46 58760 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACERCLR.DLL + 2007-08-24 07:46 . 2007-08-24 07:46 17800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACEODTXT.DLL + 2007-08-24 07:46 . 2007-08-24 07:46 17800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACEODPDX.DLL + 2007-08-24 07:46 . 2007-08-24 07:46 17800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACEODEXL.DLL + 2007-08-24 07:46 . 2007-08-24 07:46 17800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACEODDBS.DLL + 2007-08-29 03:22 . 2007-08-29 03:22 50616 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACEERR.DLL + 2007-08-24 09:14 . 2007-08-24 09:14 13712 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\XLCALL32.DLL + 2006-10-27 05:17 . 2006-10-27 05:17 11072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XLCALL32.DLL + 2006-10-27 23:11 . 2006-10-27 23:11 21264 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12EXE.EXE + 2006-10-26 22:04 . 2006-10-26 22:04 76624 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWSTRUCT.DLL + 2006-10-26 22:04 . 2006-10-26 22:04 19784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWRECS.DLL + 2006-10-26 22:04 . 2006-10-26 22:04 51008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWRECE.DLL + 2006-10-26 22:04 . 2006-10-26 22:04 27456 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWORIENT.DLL + 2006-10-26 22:04 . 2006-10-26 22:04 58168 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWLAY32.DLL + 2006-10-26 22:05 . 2006-10-26 22:05 86840 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWCUTLIN.DLL + 2006-10-26 22:04 . 2006-10-26 22:04 29976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\THOCRAPI.DLL + 2006-10-26 22:04 . 2006-10-26 22:04 19784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REVERSE.DLL + 2006-10-27 05:13 . 2006-10-27 05:13 38168 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REFEDIT.DLL + 2006-10-26 22:05 . 2006-10-26 22:05 77144 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSOM.DLL + 2006-10-27 19:16 . 2006-10-27 19:16 46864 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLRPC.DLL + 2006-10-27 04:24 . 2006-10-27 04:24 72504 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONFILTER.DLL + 2006-10-27 04:24 . 2006-10-27 04:24 98632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTEM.EXE + 2006-10-27 04:12 . 2006-10-27 04:12 65824 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\NAME.DLL + 2006-10-27 05:13 . 2006-10-27 05:13 26936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOEURO.DLL + 2006-10-27 03:48 . 2006-10-27 03:48 14664 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCFU.DLL + 2006-10-27 01:18 . 2006-10-27 01:18 66880 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSAEXP30.DLL + 2006-10-27 19:37 . 2006-10-27 19:37 35112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESYSTEMMODE.DLL + 2006-10-27 04:47 . 2006-10-27 04:47 16688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESTDURLLAUNCHER.EXE + 2006-10-27 04:47 . 2006-10-27 04:47 22808 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVENEW.DLL + 2006-10-27 04:47 . 2006-10-27 04:47 31016 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMONITOR.EXE + 2006-10-27 04:47 . 2006-10-27 04:47 33568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECLEAN.EXE + 2006-10-27 19:37 . 2006-10-27 19:37 34088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUTOPROXY.DLL + 2006-10-27 04:47 . 2006-10-27 04:47 65824 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUDITSERVICE.EXE + 2006-10-26 22:04 . 2006-10-26 22:04 75576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FORM.DLL + 2006-10-27 00:55 . 2006-10-27 00:55 87344 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DLGSETP.DLL + 2006-10-27 01:30 . 2006-10-27 01:30 65312 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\COLLIMP.DLL + 2006-10-27 04:13 . 2006-10-27 04:13 56120 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACERCLR.DLL + 2006-10-27 04:13 . 2006-10-27 04:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODTXT.DLL + 2006-10-27 04:13 . 2006-10-27 04:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODPDX.DLL + 2006-10-27 04:13 . 2006-10-27 04:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODEXL.DLL + 2006-10-27 04:13 . 2006-10-27 04:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODDBS.DLL + 2006-10-27 23:00 . 2006-10-27 23:00 47976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEERR.DLL + 2007-08-24 09:00 . 2007-08-24 09:00 72096 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\PXBCOM.EXE + 2009-03-26 17:37 . 2009-04-15 00:08 7434 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3169810899-1096573336-388735925-1000_UserData.bin + 2009-04-15 00:06 . 2009-04-15 00:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2009-04-13 12:51 . 2009-04-13 12:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2009-04-15 00:06 . 2009-04-15 00:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-04-13 12:51 . 2009-04-13 12:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-03-26 17:57 . 2009-04-14 15:15 277076 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2009-03-26 20:08 . 2007-08-24 07:39 796032 c:\windows\System32\spool\drivers\w32x86\mdigraph.dll + 2009-03-26 20:08 . 2007-08-24 07:39 796032 c:\windows\System32\spool\drivers\w32x86\3\mdigraph.dll + 2006-11-02 10:33 . 2009-04-15 00:11 598588 c:\windows\System32\perfh009.dat + 2006-11-02 10:33 . 2009-04-15 00:11 102194 c:\windows\System32\perfc009.dat - 2006-11-02 12:43 . 2009-04-13 12:47 262144 c:\windows\System32\config\systemprofile\ntuser.dat + 2006-11-02 12:43 . 2009-04-15 00:27 262144 c:\windows\System32\config\systemprofile\ntuser.dat - 2006-11-02 12:47 . 2009-04-13 13:00 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2006-11-02 12:47 . 2009-04-15 00:07 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT - 2006-11-02 12:47 . 2009-04-13 13:00 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2006-11-02 12:47 . 2009-04-15 00:06 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT - 2009-02-13 04:39 . 2009-02-13 04:40 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe + 2009-02-13 04:39 . 2009-04-13 21:48 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe + 2009-02-13 04:39 . 2009-04-13 21:48 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe - 2009-02-13 04:39 . 2009-02-13 04:40 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe + 2009-02-13 04:39 . 2009-04-13 21:48 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe - 2009-02-13 04:39 . 2009-02-13 04:40 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe + 2009-02-13 04:39 . 2009-04-13 21:48 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe - 2009-02-13 04:39 . 2009-02-13 04:40 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe + 2009-04-13 21:46 . 2009-04-13 21:46 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe - 2009-02-13 04:37 . 2009-02-13 04:37 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe - 2009-03-26 23:45 . 2009-03-26 23:45 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe + 2009-03-26 23:45 . 2009-04-13 21:48 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe + 2009-03-26 23:45 . 2009-04-13 21:48 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe - 2009-03-26 23:45 . 2009-03-26 23:45 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe + 2009-03-26 23:45 . 2009-04-13 21:48 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe - 2009-03-26 23:45 . 2009-03-26 23:45 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe - 2009-03-26 23:45 . 2009-03-26 23:45 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe + 2009-03-26 23:45 . 2009-04-13 21:48 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe - 2009-03-26 23:45 . 2009-03-26 23:45 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe + 2009-03-26 23:45 . 2009-04-13 21:48 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe + 2009-03-26 23:45 . 2009-04-13 21:48 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe - 2009-03-26 23:45 . 2009-03-26 23:45 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe + 2009-03-26 23:45 . 2009-04-13 21:48 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe - 2009-03-26 23:45 . 2009-03-26 23:45 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe + 2007-08-23 05:19 . 2007-08-23 05:19 535448 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\XPAGE3C.DLL + 2007-08-29 03:16 . 2007-08-29 03:16 350064 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\WINWORD.EXE + 2007-08-23 05:19 . 2007-08-23 05:19 129936 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\TWCUTCHR.DLL + 2007-09-02 05:55 . 2007-09-02 05:55 442240 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\SETUP.EXE + 2007-09-06 21:55 . 2007-09-06 21:55 505752 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\SELFCERT.EXE + 2007-08-29 03:06 . 2007-08-29 03:06 467840 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\POWERPNT.EXE + 2007-09-06 21:50 . 2007-09-06 21:50 485232 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\PORTCONN.DLL + 2007-06-07 23:51 . 2007-06-07 23:51 465800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\OUTLFLTR.DLL + 2007-08-29 04:31 . 2007-08-29 04:31 785352 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ONSYNCPC.DLL + 2007-08-29 04:49 . 2007-08-29 04:49 667544 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ONBTTNOL.DLL + 2007-08-24 08:06 . 2007-08-24 08:06 288152 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\OISGRAPH.DLL + 2007-08-24 08:06 . 2007-08-24 08:06 277384 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\OIS.EXE + 2007-09-02 05:55 . 2007-09-02 05:55 235456 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ODEPLOY.EXE + 2007-08-29 04:46 . 2007-08-29 04:46 542568 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\MSTORES.DLL + 2007-08-29 04:45 . 2007-08-29 04:45 835952 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\MSTORDB.EXE + 2007-08-23 05:12 . 2007-08-23 05:12 507768 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\MSSOAP30.DLL + 2007-08-24 07:40 . 2007-08-24 07:40 674664 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\MSQRY32.EXE + 2007-08-29 04:18 . 2007-08-29 04:18 439160 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\MSORUN.DLL + 2007-09-06 21:55 . 2007-09-06 21:55 431456 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\MSODCW.DLL + 2007-08-29 03:20 . 2007-08-29 03:20 163712 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\MSOCF.DLL + 2007-08-29 04:52 . 2007-08-29 04:52 120704 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\MSCONV97.DLL + 2007-08-29 04:45 . 2007-08-29 04:45 831856 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\MEDCAT.DLL + 2007-08-24 07:36 . 2007-08-24 07:36 175968 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\IEAWSDC.DLL + 2007-08-29 03:45 . 2007-08-29 03:45 985496 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\FPWEC.DLL + 2007-08-24 07:18 . 2007-08-24 07:18 437160 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\DWTRIG20.EXE + 2007-08-24 07:36 . 2007-08-24 07:36 192400 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\CONTACTPICKER.DLL + 2007-08-24 07:45 . 2007-08-24 07:45 208256 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\CLVIEW.EXE + 2007-08-29 04:53 . 2007-08-29 04:53 402784 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\CDLMSO.DLL + 2007-08-24 07:46 . 2007-08-24 07:46 374200 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACEXBE.DLL + 2007-08-24 07:46 . 2007-08-24 07:46 226744 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACETXT.DLL + 2007-08-24 07:46 . 2007-08-24 07:46 554440 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACEREP.DLL + 2007-08-24 07:46 . 2007-08-24 07:46 292288 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACER3X.DLL + 2007-08-24 07:46 . 2007-08-24 07:46 263616 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACER2X.DLL + 2007-08-24 07:46 . 2007-08-24 07:46 394688 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACEPDE.DLL + 2007-08-29 03:22 . 2007-08-29 03:22 390600 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACEOLEDB.DLL + 2007-08-24 07:46 . 2007-08-24 07:46 281992 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACEODBC.DLL + 2007-08-24 07:46 . 2007-08-24 07:46 210368 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACELTS.DLL + 2007-08-24 07:46 . 2007-08-24 07:46 632248 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACEEXCL.DLL + 2007-08-24 07:46 . 2007-08-24 07:46 341440 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACEEXCH.DLL + 2007-08-29 03:22 . 2007-08-29 03:22 193992 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACEES.DLL + 2007-08-29 03:22 . 2007-08-29 03:22 579008 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACEDAO.DLL + 2007-08-29 03:16 . 2007-08-29 03:16 350064 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WINWORD.EXE + 2007-08-24 07:43 . 2007-08-24 07:43 593296 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PUBCONV.DLL + 2007-08-29 03:39 . 2007-08-29 03:39 625560 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PTXT9.DLL + 2007-08-24 07:43 . 2007-08-24 07:43 138648 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PRTF9.DLL + 2009-04-13 21:38 . 2009-04-13 21:38 251272 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PPTPIA.DLL + 2007-08-29 03:06 . 2007-08-29 03:06 467840 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\POWERPNT.EXE + 2007-08-29 03:38 . 2007-08-29 03:38 500648 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MORPH9.DLL + 2006-10-26 22:05 . 2006-10-26 22:05 530760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XPAGE3C.DLL + 2009-02-13 04:38 . 2009-02-13 04:38 781104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WORDPIA.DLL + 2006-10-27 23:23 . 2006-10-27 23:23 347432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WINWORD.EXE + 2006-10-26 22:05 . 2006-10-26 22:05 126784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWCUTCHR.DLL + 2006-07-28 19:21 . 2006-07-28 19:21 277320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SSGEN.DLL + 2006-10-27 01:18 . 2006-10-27 01:18 502608 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SOA.DLL + 2006-10-27 04:06 . 2006-10-27 04:06 439600 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SETUP.EXE + 2006-10-27 04:13 . 2006-10-27 04:13 503624 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SELFCERT.EXE + 2006-10-27 00:55 . 2006-10-27 00:55 272744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST64.DLL + 2006-10-27 00:55 . 2006-10-27 00:55 263520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST32.DLL + 2006-10-27 01:42 . 2006-10-27 01:42 744808 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REGFORM.EXE + 2006-10-27 00:09 . 2006-10-27 00:09 590144 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PUBCONV.DLL + 2006-10-27 19:04 . 2006-10-27 19:04 624456 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PTXT9.DLL + 2006-10-27 00:55 . 2006-10-27 00:55 413472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSTPRX32.DLL + 2006-10-27 00:09 . 2006-10-27 00:09 136008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PRTF9.DLL + 2009-02-13 04:38 . 2009-02-13 04:38 248632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTPIA.DLL + 2006-10-27 23:04 . 2006-10-27 23:04 465200 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\POWERPNT.EXE + 2006-10-27 05:30 . 2006-10-27 05:30 482088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PORTCONN.DLL + 2006-10-27 19:16 . 2006-10-27 19:16 176976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLPH.DLL + 2006-10-27 19:16 . 2006-10-27 19:16 594256 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLMIME.DLL + 2006-07-27 02:53 . 2006-07-27 02:53 459080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL + 2006-10-26 17:58 . 2006-10-26 17:58 540008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ORGCHART.EXE + 2006-10-27 04:23 . 2006-10-27 04:23 782720 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONSYNCPC.DLL + 2006-10-27 23:39 . 2006-10-27 23:39 687432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNOL.DLL + 2006-10-27 04:32 . 2006-10-27 04:32 604000 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNIE.DLL + 2006-10-27 00:34 . 2006-10-27 00:34 192848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSXP32.DLL + 2006-10-27 00:34 . 2006-10-27 00:34 660792 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSMAIN.DLL + 2006-10-27 04:00 . 2006-10-27 04:00 285008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISGRAPH.DLL + 2006-10-27 04:00 . 2006-10-27 04:00 998208 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISAPP.DLL + 2006-10-27 04:00 . 2006-10-27 04:00 274744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OIS.EXE + 2006-10-27 04:06 . 2006-10-27 04:06 232816 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ODEPLOY.EXE + 2006-10-27 03:55 . 2006-10-27 03:55 538904 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORES.DLL + 2006-10-27 03:55 . 2006-10-27 03:55 832800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORDB.EXE + 2006-10-26 21:56 . 2006-10-26 21:56 505136 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSSOAP30.DLL + 2006-10-27 03:50 . 2006-10-27 03:50 672024 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSQRY32.EXE + 2006-10-26 23:58 . 2006-10-26 23:58 772944 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPFILT.DLL + 2006-10-26 21:56 . 2006-10-26 21:56 436520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORUN.DLL + 2006-10-27 04:12 . 2006-10-27 04:12 428816 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSODCW.DLL + 2006-10-27 22:59 . 2006-10-27 22:59 161080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCF.DLL + 2007-03-22 17:03 . 2007-03-22 17:03 117552 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSCONV97.DLL + 2006-10-27 19:04 . 2006-10-27 19:04 497504 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MORPH9.DLL + 2006-10-27 00:55 . 2006-10-27 00:55 340248 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MIMEDIR.DLL + 2006-10-27 03:55 . 2006-10-27 03:55 828704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MEDCAT.DLL + 2006-10-26 23:58 . 2006-10-26 23:58 274776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MDIINK.DLL + 2006-10-26 23:58 . 2006-10-26 23:58 793392 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MDIGRAPH.DLL + 2009-03-26 23:42 . 2009-03-26 23:42 118112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOMINT.DLL + 2009-03-26 23:42 . 2009-03-26 23:42 609104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOMHOST.DLL + 2006-10-27 01:42 . 2006-10-27 01:42 176976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOLK.DLL + 2006-10-27 00:55 . 2006-10-27 00:55 138024 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IMPMAIL.DLL + 2006-10-27 04:12 . 2006-10-27 04:12 173328 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IEAWSDC.DLL + 2006-10-27 19:37 . 2006-10-27 19:37 631080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBSERVICES.DLL + 2006-10-27 04:48 . 2006-10-27 04:48 572216 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBPLATFORMSERVICES.DLL + 2006-10-27 19:37 . 2006-10-27 19:37 268080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBBROWSERTOOL2.DLL + 2006-10-27 04:48 . 2006-10-27 04:48 955680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEUTIL.DLL + 2006-10-27 04:48 . 2006-10-27 04:48 222512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESYSTEMSERVICES.DLL + 2006-10-27 04:48 . 2006-10-27 04:48 363304 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESKETCHTOOL.DLL + 2006-10-27 04:48 . 2006-10-27 04:48 224048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEPROJECTTOOLSET.DLL + 2006-10-27 04:48 . 2006-10-27 04:48 317736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMIGRATOR.EXE + 2006-10-27 04:48 . 2006-10-27 04:48 197920 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEGAMES.DLL + 2006-10-27 19:37 . 2006-10-27 19:37 284976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEFETCHSERVICES.DLL + 2006-10-27 04:48 . 2006-10-27 04:48 377136 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEDATAVIEWERTOOL.DLL + 2006-10-27 19:37 . 2006-10-27 19:37 768304 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMPONENTMGR.DLL + 2006-10-27 19:37 . 2006-10-27 19:37 117584 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMUNICATIONSSTATUSANDCONTROL.DLL + 2006-10-27 19:37 . 2006-10-27 19:37 300336 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECALENDARTOOL.DLL + 2006-10-27 19:37 . 2006-10-27 19:37 284448 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUDIO.DLL + 2006-10-27 19:37 . 2006-10-27 19:37 338216 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVE.EXE + 2006-10-27 23:09 . 2006-10-27 23:09 983376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPWEC.DLL + 2006-10-27 03:48 . 2006-10-27 03:48 434528 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DWTRIG20.EXE + 2006-10-27 04:48 . 2006-10-27 04:48 234784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DRAT.EXE + 2006-10-27 04:12 . 2006-10-27 04:12 189760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL + 2006-10-27 19:16 . 2006-10-27 19:16 133936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTAB32.DLL + 2006-10-27 03:59 . 2006-10-27 03:59 205616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CLVIEW.EXE + 2006-10-27 23:41 . 2006-10-27 23:41 399640 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CDLMSO.DLL + 2006-10-27 04:13 . 2006-10-27 04:13 371568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEXBE.DLL + 2006-10-27 19:40 . 2006-10-27 19:40 208760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEWSS.DLL + 2006-10-27 04:13 . 2006-10-27 04:13 224104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACETXT.DLL + 2006-10-27 04:13 . 2006-10-27 04:13 551800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEREP.DLL + 2006-10-27 04:13 . 2006-10-27 04:13 289648 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER3X.DLL + 2006-10-27 04:13 . 2006-10-27 04:13 260976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER2X.DLL + 2006-10-27 04:13 . 2006-10-27 04:13 392048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEPDE.DLL + 2006-10-27 23:00 . 2006-10-27 23:00 387960 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL + 2006-10-27 04:13 . 2006-10-27 04:13 279352 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODBC.DLL + 2006-10-27 04:13 . 2006-10-27 04:13 207736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACELTS.DLL + 2006-10-27 04:13 . 2006-10-27 04:13 629616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCL.DLL + 2006-10-27 04:13 . 2006-10-27 04:13 338800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCH.DLL + 2006-10-27 23:00 . 2006-10-27 23:00 191360 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEES.DLL + 2006-10-27 23:00 . 2006-10-27 23:00 576376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEDAO.DLL + 2006-10-27 01:18 . 2006-10-27 01:18 162616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACCWIZ.DLL + 2006-10-27 19:00 . 2006-10-27 19:00 576376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACACEDAO.DLL + 2006-10-27 04:12 . 2006-10-27 04:12 396592 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.4518\MOC.EXE + 2009-04-13 21:38 . 2009-04-13 21:38 611392 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll + 2009-04-13 21:38 . 2009-04-13 21:38 120408 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll + 2009-04-13 21:38 . 2009-04-13 21:38 783744 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll + 2009-04-13 21:42 . 2009-04-13 21:42 250928 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll + 2007-08-23 05:03 . 2007-08-23 05:03 1195888 c:\windows\System32\FM20.DLL - 2009-02-13 05:30 . 2009-04-13 12:50 1142608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2009-02-13 05:30 . 2009-04-15 00:05 1142608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2009-02-13 04:39 . 2009-04-13 21:48 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe - 2009-02-13 04:39 . 2009-02-13 04:40 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe + 2009-03-26 23:45 . 2009-04-13 21:48 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe - 2009-03-26 23:45 . 2009-03-26 23:45 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe + 2009-03-26 23:45 . 2009-04-13 21:48 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe - 2009-03-26 23:45 . 2009-03-26 23:45 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe + 2006-10-27 05:08 . 2006-10-27 05:08 1764112 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.4518\PPCNV.DLL + 2006-10-27 23:18 . 2006-10-27 23:18 1658152 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.4518\OGL.DLL + 2006-10-27 04:42 . 2006-10-27 04:42 8423224 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.4518\OARTCONV.DLL + 2007-08-23 05:19 . 2007-08-23 05:19 1198496 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\XIMAGE3B.DLL + 2007-08-24 11:10 . 2007-08-24 11:10 3735424 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\VVIEWER.DLL + 2007-08-24 11:10 . 2007-08-24 11:10 1846160 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\VVIEWDWG.DLL + 2007-06-28 00:58 . 2007-06-28 00:58 2585936 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\VBE6.DLL + 2007-08-29 03:28 . 2007-08-29 03:28 2330024 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\STSLIST.DLL + 2007-08-29 04:38 . 2007-08-29 04:38 2016656 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\PPTVIEW.EXE + 2007-08-29 03:06 . 2007-08-29 03:06 7990144 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\PPCORE.DLL + 2007-09-02 05:55 . 2007-09-02 05:55 6540656 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\OSETUP.DLL + 2007-08-24 08:06 . 2007-08-24 08:06 1000848 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\OISAPP.DLL + 2007-08-29 04:19 . 2007-08-29 04:19 1654648 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\OGL.DLL + 2007-08-29 04:37 . 2007-08-29 04:37 7039888 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\OFFOWC.DLL + 2007-10-02 23:51 . 2007-10-02 23:51 8436776 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\OARTCONV.DLL + 2007-08-28 00:20 . 2007-08-28 00:20 6637960 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\MSORES.DLL + 2007-10-06 00:31 . 2007-10-06 00:31 5287984 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\IPEDITOR.DLL + 2007-10-02 23:45 . 2007-10-02 23:45 2530864 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\GRAPH.EXE + 2007-08-25 23:11 . 2007-08-25 23:11 1685896 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\FPSRVUTL.DLL + 2007-08-23 05:03 . 2007-08-23 05:03 1195888 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\FM20.DLL + 2007-08-29 03:22 . 2007-08-29 03:22 1754536 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ACECORE.DLL + 2007-08-29 04:38 . 2007-08-29 04:38 2016656 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PPTVIEW.EXE + 2007-08-29 03:06 . 2007-08-29 03:06 7990144 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PPCORE.DLL + 2007-08-29 04:19 . 2007-08-29 04:19 1654648 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OGL.DLL + 2007-10-02 23:51 . 2007-10-02 23:51 8436776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OARTCONV.DLL + 2007-08-29 03:38 . 2007-08-29 03:38 9584512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSPUB.EXE + 2006-10-26 22:05 . 2006-10-26 22:05 1181520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XIMAGE3B.DLL + 2006-10-27 23:11 . 2006-10-27 23:11 4235560 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12CNV.DLL + 2006-10-27 06:58 . 2006-10-27 06:58 3732792 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VVIEWER.DLL + 2006-10-27 07:00 . 2006-10-27 07:00 1841984 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL + 2006-09-30 08:42 . 2006-09-30 08:42 2583344 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VBE6.DLL + 2006-10-27 22:57 . 2006-10-27 22:57 2330968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\STSLIST.DLL + 2006-10-27 23:04 . 2006-10-27 23:04 7980848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPCORE.DLL + 2006-09-16 00:25 . 2006-09-16 00:25 3611416 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT + 2006-10-27 23:03 . 2006-10-27 23:03 6579512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONMAIN.DLL + 2006-10-27 04:24 . 2006-10-27 04:24 1165112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONLIBS.DLL + 2006-10-27 23:03 . 2006-10-27 23:03 1018664 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTE.EXE + 2006-10-27 19:16 . 2006-10-27 19:16 2939704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLMAPI32.DLL + 2006-10-27 04:14 . 2006-10-27 04:14 7033152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFOWC.DLL + 2006-10-27 19:04 . 2006-10-27 19:04 9581360 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPUB.EXE + 2006-10-26 23:58 . 2006-10-26 23:58 1057632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPCORE.DLL + 2006-10-27 04:00 . 2006-10-27 04:00 6635320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORES.DLL + 2006-10-27 23:10 . 2006-10-27 23:10 5281592 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPEDITOR.DLL + 2006-10-27 19:10 . 2006-10-27 19:10 5456704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPDESIGN.DLL + 2006-10-27 19:10 . 2006-10-27 19:10 1439032 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\INFOPATH.EXE + 2006-10-27 19:37 . 2006-10-27 19:37 1396008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEUIFRAMEWORK.DLL + 2006-10-27 19:38 . 2006-10-27 19:38 4746536 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVETRANSCEIVER.DLL + 2006-10-27 19:37 . 2006-10-27 19:37 1163048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVETEXTTOOLS.DLL + 2006-10-27 19:37 . 2006-10-27 19:37 2738472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESTORAGEMGR.DLL + 2006-10-27 04:48 . 2006-10-27 04:48 2210608 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESHELLEXTENSIONS.DLL + 2006-10-27 19:38 . 2006-10-27 19:38 7053096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVERESOURCE.DLL + 2006-10-27 04:48 . 2006-10-27 04:48 1555232 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMISC.DLL + 2006-10-27 19:37 . 2006-10-27 19:37 3071288 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEDOCUMENTSHARETOOL.DLL + 2006-10-27 19:37 . 2006-10-27 19:37 1359648 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECRYPTO.DLL + 2006-10-27 19:38 . 2006-10-27 19:38 3508544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMUNICATIONSSERVICES.DLL + 2006-10-27 19:37 . 2006-10-27 19:37 2689336 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMONCOMPONENTS.DLL + 2006-10-27 19:38 . 2006-10-27 19:38 6191400 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEACCOUNTMGR.DLL + 2006-10-27 04:02 . 2006-10-27 04:02 2526520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPH.EXE + 2006-10-27 03:21 . 2006-10-27 03:21 1682232 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL + 2006-10-26 22:10 . 2006-10-26 22:10 1190688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FM20.DLL + 2006-10-27 23:00 . 2006-10-27 23:00 1751904 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACECORE.DLL + 2007-08-24 09:00 . 2007-08-24 09:00 1767768 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\PPCNV.DLL + 2007-08-29 04:19 . 2007-08-29 04:19 1654648 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\OGL.DLL + 2007-10-02 23:51 . 2007-10-02 23:51 8436776 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\OARTCONV.DLL + 2006-10-27 23:14 . 2006-10-27 23:14 14151456 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.4518\OART.DLL + 2007-10-03 00:00 . 2007-10-03 00:00 14708760 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\XL12CNV.EXE + 2007-09-06 21:56 . 2007-09-06 21:56 17490800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\WWLIB.DLL + 2007-10-06 00:44 . 2007-10-06 00:44 14168600 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\OART.DLL + 2007-09-15 01:45 . 2007-09-15 01:45 16901168 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\MSO.DLL + 2007-10-06 00:37 . 2007-10-06 00:37 17927192 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\EXCEL.EXE + 2007-10-03 00:00 . 2007-10-03 00:00 14708760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\XL12CNV.EXE + 2007-09-06 21:56 . 2007-09-06 21:56 17490800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WWLIB.DLL + 2007-10-06 00:44 . 2007-10-06 00:44 14168600 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OART.DLL + 2007-09-15 01:45 . 2007-09-15 01:45 16901168 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSO.DLL + 2007-10-06 00:37 . 2007-10-06 00:37 17927192 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\EXCEL.EXE + 2006-10-27 23:23 . 2006-10-27 23:23 17483560 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WWLIB.DLL + 2006-10-27 19:16 . 2006-10-27 19:16 12813096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLOOK.EXE + 2006-10-27 19:01 . 2006-10-27 19:01 10371880 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSACCESS.EXE + 2006-10-27 23:07 . 2006-10-27 23:07 17891112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCEL.EXE + 2007-09-15 01:45 . 2007-09-15 01:45 16901168 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\MSO.DLL + 2006-10-27 05:13 . 2006-10-27 05:13 14674216 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.4518\XL12CNV.EXE . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-03-07 843776] "EPSON Stylus CX9400Fax Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATICFA.EXE" [2007-03-23 182272] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456] "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904] "PCMAgent"="c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360] "CLMLServer"="c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-02-14 184320] "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-10-24 1242424] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-08 6037504] "NDSTray.exe"="NDSTray.exe" [BU] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{14740E99-68DB-4650-8B7B-191D8F6F6EEF}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\PowerCinema.exe:CyberLink PowerCinema "{0638D1F7-F46A-40B8-950C-9A3EACAD4BA4}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMService.exe:CyberLink PowerCinema Resident Program "{99D00FD7-E3C0-4E29-89C4-BB41751CC14F}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine "{2DACAD68-A4DF-4113-8D7F-5391025987EB}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\DMS\CLMSService.exe:CyberLink Media Server "{427B19D7-56EE-46EF-B94C-EC1A9FD574C7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{976115CF-0655-45E6-B8D7-82B8978099E8}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "TCP Query User{258FE3F9-1157-4090-A03F-76450A9FA830}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{CCA9F292-A0A6-4A36-996A-CFFBA598FAB0}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox "{744BD608-BD58-4649-B638-5D439DC47DB9}"= TCP:6004\|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{2628E3F5-F6D9-416A-8B56-A978EAE04D87}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{632CF3E1-E6BF-436F-90AB-89BC711A4049}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{842CDE1A-55DC-43D8-96B8-1628AB407C56}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{CC508B8D-51E2-480B-9198-13249B64A43E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "TCP Query User{ECA36B1C-3080-4A01-A1A2-DA0764ECE701}c:\\program files\\winmx\\winmx.exe"= UDP:c:\program files\winmx\winmx.exe:WinMX Application "UDP Query User{1B75A484-CDCC-4AE9-ACE9-3989E1DC21A8}c:\\program files\\winmx\\winmx.exe"= TCP:c:\program files\winmx\winmx.exe:WinMX Application "TCP Query User{7E946085-A722-41CD-B37D-063143E327F8}c:\\program files\\microsoft office\\office12\\groove.exe"= UDP:c:\program files\microsoft office\office12\groove.exe:Microsoft Office Groove "UDP Query User{687A6D22-B0D1-4030-BBB5-BAF0597DFF34}c:\\program files\\microsoft office\\office12\\groove.exe"= TCP:c:\program files\microsoft office\office12\groove.exe:Microsoft Office Groove [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "DoNotAllowExceptions"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe::Enabled:NIE - Toshiba Software Upgrades Engine "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe::Enabled:Toshiba Software Upgrades Pinger R3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-06 29744] R3 IO_Memory;IO_Memory; [x] R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368] R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216] S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-29 20384] S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960] S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-10-24 46392] S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976] S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168] S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728] . Contents of the 'Scheduled Tasks' folder 2009-04-14 c:\windows\Tasks\User_Feed_Synchronization-{290A22F6-D346-4530-8DD6-498CE0400FC0}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB uInternet Settings,ProxyOverride = .local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Shannon\AppData\Roaming\Mozilla\Firefox\Profiles\5t4dtf65.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.rr.com/index.cfm FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll . *********************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-14 20:29 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2009-04-15 20:31 ComboFix-quarantined-files.txt 2009-04-15 00:31 ComboFix2.txt 2009-04-13 13:04 ComboFix3.txt 2009-04-11 20:26 Pre-Run: 226,160,386,048 bytes free Post-Run: 226,307,534,848 bytes free 641 --- E O F --- 2009-04-14 13:41

04-14-2009, 09:09 PM	#10 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,969 OS: WinXP and Vista	Re: Search redirect and Unable to update spyware software, etc. Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links: The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point. Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK: ComboFix /u -------------------------------------------------------------------- In the event you wish to contribute to the ongoing development of ComboFix, donations can be made via PayPal. To help protect your computer in the future I recommend that you get the following free programs if you do not already have them: McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad. SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items. It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page. Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released. Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles: PC Safety and Security--What Do I Need? Think Prevention Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them. ----------------------------------------------------- Follow the list above and the potential for infection will reduce dramatically. Kindly respond one more time and let me know if we may consider this thread resolved. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

04-15-2009, 11:20 AM	#11 (permalink)
mouthbre Registered User Join Date: Apr 2009 Location: Ohio Posts: 7 OS: Vista Pro Home 32-Bit	Re: Search redirect and Unable to update spyware software, etc. Reid, I think I can safely say we got it. Thank you so much! I've learned a valuable lesson. I'm grateful that there are those out there who are using their talents for good, not evil I will gladly make a contribution to ComboFix. Thanks, again. Shannon Last edited by mouthbre; 04-15-2009 at 11:21 AM.

04-16-2009, 12:45 AM	#12 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,969 OS: WinXP and Vista	Re: Search redirect and Unable to update spyware software, etc. You're welcome, Shannon. Take care and surf safely. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."