SonicLocutus

Here is the latest full scan log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 912012606 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 1/26/2012 10:40:45 PM mbam-log-2012-01-26 (22-40-45).txt Scan type: Full scan (C:\|) Objects scanned: 274219 Time elapsed: 1 hour(s), 51 minute(s), 46 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\SoftwareDistribution\Download\3196d77b689e5d019e8a4f6e9048fd78650823de (Trojan.Llac) -> Quarantined and deleted successfully. Thanks,

Here is the new Combofix log: ComboFix 12-01-23.02 - Eric 01/25/2012 23:15:31.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2479 [GMT -6:00] Running from: c:\documents and settings\Eric\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Eric\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . FILE :: "c:\documents and settings\M L\Application Data\Mozilla\Firefox\Profiles\ymkzz8hu.default\extensions\{2950e164-82d3-422a-a087-dd11f3d9b3df}\chrome.manifest" "c:\documents and settings\M L\Application Data\Mozilla\Firefox\Profiles\ymkzz8hu.default\extensions\{97225bdf-6e65-4763-bc69-b4f0a23cc64c}\chrome.manifest" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\M L\Application Data\Mozilla\Firefox\Profiles\ymkzz8hu.default\extensions\{2950e164-82d3-422a-a087-dd11f3d9b3df}\chrome.manifest c:\documents and settings\M L\Application Data\Mozilla\Firefox\Profiles\ymkzz8hu.default\extensions\{97225bdf-6e65-4763-bc69-b4f0a23cc64c}\chrome.manifest c:\program files\Common Files\Spigot c:\program files\Common Files\Spigot\Search Settings\baidu_ff.xml c:\program files\Common Files\Spigot\Search Settings\baidu_ie.xml c:\program files\Common Files\Spigot\Search Settings\config.ini c:\program files\Common Files\Spigot\Search Settings\Lang\res1031.ini c:\program files\Common Files\Spigot\Search Settings\Lang\res1033.ini c:\program files\Common Files\Spigot\Search Settings\Lang\res1034.ini c:\program files\Common Files\Spigot\Search Settings\Lang\res1036.ini c:\program files\Common Files\Spigot\Search Settings\Lang\res1040.ini c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml c:\program files\Common Files\Spigot\Search Settings\yandex_ff.xml c:\program files\Common Files\Spigot\Search Settings\yandex_ie.xml c:\program files\Common Files\Spigot\wtxpcom\chrome.manifest c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 c:\program files\Common Files\Spigot\wtxpcom\install.rdf . . ((((((((((((((((((((((((( Files Created from 2011-12-26 to 2012-01-26 ))))))))))))))))))))))))))))))) . . 2012-01-25 04:46 . 2012-01-25 04:46 -------- d-----w- c:\program files\ESET 2012-01-25 04:43 . 2012-01-25 04:43 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\Sun 2012-01-24 00:29 . 2012-01-24 00:29 -------- d-----w- c:\program files\Common Files\Java 2012-01-24 00:29 . 2012-01-24 00:29 637848 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-01-23 04:08 . 2012-01-23 04:08 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2012-01-23 04:04 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-01-23 04:04 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-01-23 04:04 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-01-23 04:04 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-01-23 04:04 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-01-23 04:04 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2012-01-23 04:04 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys 2012-01-23 04:04 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2012-01-23 04:04 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr 2012-01-23 04:04 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe 2012-01-23 04:04 . 2012-01-23 04:04 -------- d-----w- c:\program files\AVAST Software 2012-01-23 04:04 . 2012-01-23 04:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software 2012-01-20 22:24 . 2012-01-20 22:24 -------- d-----w- C:\sn0wbreeze 2012-01-14 15:46 . 2012-01-14 15:46 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll 2012-01-14 15:46 . 2012-01-14 15:46 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll 2012-01-14 15:46 . 2012-01-14 15:46 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll 2012-01-14 15:46 . 2012-01-14 15:46 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll 2012-01-04 05:26 . 2012-01-04 07:41 -------- d-----w- c:\documents and settings\Eric\Application Data\Notepad++ 2012-01-04 05:26 . 2012-01-04 05:26 -------- d-----w- c:\program files\Notepad++ 2011-12-27 21:30 . 2011-12-27 21:30 -------- d-----w- c:\program files\PowerISO . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-24 00:29 . 2011-05-09 13:20 141312 ----a-w- c:\windows\system32\javacpl.cpl 2012-01-24 00:29 . 2011-05-09 13:20 567184 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-25 21:57 . 2008-04-14 08:00 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-11-23 20:23 . 2011-11-23 20:23 73216 ----a-w- c:\windows\ST6UNST.EXE 2011-11-23 20:23 . 2011-11-23 20:23 249856 ------w- c:\windows\Setup1.exe 2011-11-23 13:25 . 2008-04-14 08:00 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-18 12:35 . 2008-04-14 08:00 60416 ----a-w- c:\windows\system32\packager.exe 2011-11-15 18:40 . 2011-05-26 02:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-15 03:50 . 2011-11-15 03:50 112096 ----a-w- c:\windows\system32\drivers\scdemu.sys 2011-11-04 19:20 . 2008-07-12 19:10 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20 . 2008-04-23 00:16 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20 . 2008-04-23 00:16 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:23 . 2008-07-12 19:09 385024 ----a-w- c:\windows\system32\html.iec 2011-11-03 15:27 . 2008-07-12 19:09 1292288 ----a-w- c:\windows\system32\quartz.dll 2011-11-03 15:27 . 2008-04-14 08:00 386048 ----a-w- c:\windows\system32\qdvd.dll 2011-11-01 16:07 . 2008-04-14 08:00 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:31 . 2008-04-14 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2012-01-14 15:46 . 2011-11-17 20:26 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2008-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((( SnapShot@2012-01-21_05.01.16 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-12 06:02 . 2009-07-12 06:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll - 2009-07-11 19:32 . 2009-07-11 19:32 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll - 2009-07-11 19:32 . 2009-07-11 19:32 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll + 2009-07-12 06:02 . 2009-07-12 06:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll - 2009-07-11 19:32 . 2009-07-11 19:32 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll + 2009-07-12 06:02 . 2009-07-12 06:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll - 2009-07-11 19:32 . 2009-07-11 19:32 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll + 2009-07-12 06:02 . 2009-07-12 06:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll + 2009-07-12 06:02 . 2009-07-12 06:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll - 2009-07-11 19:32 . 2009-07-11 19:32 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll + 2009-07-12 06:02 . 2009-07-12 06:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll - 2009-07-11 19:32 . 2009-07-11 19:32 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll - 2009-07-11 19:32 . 2009-07-11 19:32 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll + 2009-07-12 06:02 . 2009-07-12 06:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll - 2009-07-11 19:32 . 2009-07-11 19:32 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll + 2009-07-12 06:02 . 2009-07-12 06:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll + 2009-07-12 06:02 . 2009-07-12 06:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll - 2009-07-11 19:32 . 2009-07-11 19:32 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll - 2009-07-11 19:32 . 2009-07-11 19:32 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll + 2009-07-12 06:02 . 2009-07-12 06:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll + 2009-07-12 06:02 . 2009-07-12 06:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll - 2009-07-11 19:32 . 2009-07-11 19:32 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll + 2009-07-12 06:02 . 2009-07-12 06:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll - 2009-07-11 19:32 . 2009-07-11 19:32 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll - 2009-07-11 19:35 . 2009-07-11 19:35 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll + 2009-07-12 06:05 . 2009-07-12 06:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll - 2009-07-11 19:35 . 2009-07-11 19:35 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll + 2009-07-12 06:05 . 2009-07-12 06:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll + 2012-01-25 20:05 . 2012-01-25 20:05 16384 c:\windows\temp\Perflib_Perfdata_824.dat + 2008-07-12 19:08 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe - 2008-07-12 19:08 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe + 2008-04-14 08:00 . 2012-01-23 04:38 72486 c:\windows\system32\perfc009.dat - 2008-04-14 08:00 . 2011-11-07 15:53 72486 c:\windows\system32\perfc009.dat - 2008-04-23 00:16 . 2011-08-22 23:48 66560 c:\windows\system32\mshtmled.dll + 2008-04-23 00:16 . 2011-11-04 19:20 66560 c:\windows\system32\mshtmled.dll - 2008-04-23 00:16 . 2011-08-22 23:48 55296 c:\windows\system32\msfeedsbs.dll + 2008-04-23 00:16 . 2011-11-04 19:20 55296 c:\windows\system32\msfeedsbs.dll + 2008-04-14 08:00 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll - 2008-04-14 08:00 . 2008-04-14 08:00 23040 c:\windows\system32\mciseq.dll - 2008-04-23 00:16 . 2011-08-22 23:48 25600 c:\windows\system32\jsproxy.dll + 2008-04-23 00:16 . 2011-11-04 19:20 25600 c:\windows\system32\jsproxy.dll + 2010-04-26 07:49 . 2011-11-04 19:20 12800 c:\windows\system32\dllcache\xpshims.dll - 2010-04-26 07:49 . 2011-08-22 23:48 12800 c:\windows\system32\dllcache\xpshims.dll + 2008-04-14 08:00 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe + 2008-04-23 00:16 . 2011-11-04 19:20 66560 c:\windows\system32\dllcache\mshtmled.dll - 2008-04-23 00:16 . 2011-08-22 23:48 66560 c:\windows\system32\dllcache\mshtmled.dll - 2010-04-28 04:15 . 2011-08-22 23:48 55296 c:\windows\system32\dllcache\msfeedsbs.dll + 2010-04-28 04:15 . 2011-11-04 19:20 55296 c:\windows\system32\dllcache\msfeedsbs.dll + 2008-04-14 08:00 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll - 2008-04-14 08:00 . 2008-04-14 08:00 23040 c:\windows\system32\dllcache\mciseq.dll - 2008-07-12 19:10 . 2011-08-22 23:48 43520 c:\windows\system32\dllcache\licmgr10.dll + 2008-07-12 19:10 . 2011-11-04 19:20 43520 c:\windows\system32\dllcache\licmgr10.dll - 2008-04-23 00:16 . 2011-08-22 23:48 25600 c:\windows\system32\dllcache\jsproxy.dll + 2008-04-23 00:16 . 2011-11-04 19:20 25600 c:\windows\system32\dllcache\jsproxy.dll + 2008-04-14 08:00 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll - 2008-04-14 08:00 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll + 2011-12-25 09:49 . 2011-12-25 09:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe - 2011-07-08 19:00 . 2011-07-08 19:00 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll + 2011-12-25 17:07 . 2011-12-25 17:07 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll + 2011-12-25 04:55 . 2011-12-25 04:55 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll - 2011-07-07 17:04 . 2011-07-07 17:04 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll - 2011-07-07 17:04 . 2011-07-07 17:04 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll + 2011-12-25 04:55 . 2011-12-25 04:55 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll - 2011-07-07 17:03 . 2011-07-07 17:03 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll + 2011-12-25 04:55 . 2011-12-25 04:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll - 2011-07-07 18:09 . 2011-07-07 18:09 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe + 2011-12-25 05:49 . 2011-12-25 05:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe + 2011-12-25 05:49 . 2011-12-25 05:49 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll - 2011-07-07 18:09 . 2011-07-07 18:09 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll - 2010-08-04 16:20 . 2011-10-21 16:27 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe + 2010-08-04 16:20 . 2012-01-23 04:44 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe + 2010-08-04 16:20 . 2012-01-23 04:44 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe - 2010-08-04 16:20 . 2011-10-21 16:27 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe - 2010-08-04 16:20 . 2011-10-21 16:27 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe + 2010-08-04 16:20 . 2012-01-23 04:44 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe + 2012-01-23 04:38 . 2011-08-22 23:48 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll + 2012-01-23 04:38 . 2011-08-22 23:48 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll + 2012-01-23 04:38 . 2011-08-22 23:48 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll + 2012-01-23 04:38 . 2011-08-22 23:48 43520 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll + 2012-01-23 04:38 . 2011-08-22 23:48 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll + 2012-01-23 04:41 . 2012-01-23 04:41 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_566feda3\System.Drawing.Design.dll + 2012-01-23 04:41 . 2012-01-23 04:41 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_783e3207\CustomMarshalers.dll + 2012-01-23 15:36 . 2012-01-23 15:36 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\750de53f30e516eb2c62de9bab7954e9\System.Web.DynamicData.Design.ni.dll + 2012-01-23 04:37 . 2012-01-23 04:37 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll - 2011-10-21 16:25 . 2011-10-21 16:25 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll - 2011-10-21 16:25 . 2011-10-21 16:25 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll + 2012-01-23 04:37 . 2012-01-23 04:37 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll + 2012-01-23 04:37 . 2012-01-23 04:37 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll - 2011-10-21 16:26 . 2011-10-21 16:26 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll - 2011-10-21 16:25 . 2011-10-21 16:25 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll + 2012-01-23 04:37 . 2012-01-23 04:37 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll - 2011-10-21 16:25 . 2011-10-21 16:25 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll + 2012-01-23 04:37 . 2012-01-23 04:37 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll + 2012-01-23 04:37 . 2012-01-23 04:37 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll - 2011-10-21 16:25 . 2011-10-21 16:25 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll - 2011-10-21 16:26 . 2011-10-21 16:26 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll + 2012-01-23 04:37 . 2012-01-23 04:37 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll - 2011-10-21 16:25 . 2011-10-21 16:25 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll + 2012-01-23 04:37 . 2012-01-23 04:37 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll - 2011-10-21 16:25 . 2011-10-21 16:25 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll + 2012-01-23 04:37 . 2012-01-23 04:37 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll - 2011-10-21 16:25 . 2011-10-21 16:25 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll + 2012-01-23 04:37 . 2012-01-23 04:37 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll + 2012-01-23 04:37 . 2012-01-23 04:37 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll - 2011-10-21 16:25 . 2011-10-21 16:25 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll - 2011-10-21 16:25 . 2011-10-21 16:25 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2012-01-23 04:37 . 2012-01-23 04:37 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll - 2011-10-21 16:25 . 2011-10-21 16:25 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll + 2012-01-23 04:37 . 2012-01-23 04:37 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2011-10-21 16:16 . 2011-10-21 16:16 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll + 2012-01-23 04:40 . 2012-01-23 04:40 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll + 2012-01-23 04:37 . 2012-01-23 04:37 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll - 2011-10-21 16:25 . 2011-10-21 16:25 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll + 2012-01-23 04:37 . 2012-01-23 04:37 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll - 2011-10-21 16:25 . 2011-10-21 16:25 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll + 2012-01-23 04:37 . 2012-01-23 04:37 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll - 2011-10-21 16:26 . 2011-10-21 16:26 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll + 2012-01-23 04:37 . 2012-01-23 04:37 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll - 2011-10-21 16:25 . 2011-10-21 16:25 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll + 2012-01-23 04:37 . 2012-01-23 04:37 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll - 2011-10-21 16:25 . 2011-10-21 16:25 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll - 2011-10-21 16:25 . 2011-10-21 16:25 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll + 2012-01-23 04:37 . 2012-01-23 04:37 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll + 2012-01-23 04:37 . 2012-01-23 04:37 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll - 2011-10-21 16:25 . 2011-10-21 16:25 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll + 2009-07-12 06:02 . 2009-07-12 06:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll - 2009-07-11 19:32 . 2009-07-11 19:32 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll + 2009-07-12 06:02 . 2009-07-12 06:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll - 2009-07-11 19:32 . 2009-07-11 19:32 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll - 2009-07-11 19:35 . 2009-07-11 19:35 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll + 2009-07-12 06:05 . 2009-07-12 06:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll + 2009-07-12 06:02 . 2009-07-12 06:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll - 2009-07-11 19:32 . 2009-07-11 19:32 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll + 2008-04-14 08:00 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll - 2008-04-14 08:00 . 2008-04-14 08:00 176128 c:\windows\system32\winmm.dll + 2008-04-23 00:16 . 2011-11-04 19:20 105984 c:\windows\system32\url.dll - 2008-04-23 00:16 . 2011-08-22 23:48 105984 c:\windows\system32\url.dll + 2008-04-14 08:00 . 2012-01-23 04:38 444354 c:\windows\system32\perfh009.dat - 2008-04-14 08:00 . 2011-11-07 15:53 444354 c:\windows\system32\perfh009.dat + 2008-04-23 00:16 . 2011-11-04 19:20 206848 c:\windows\system32\occache.dll - 2008-04-23 00:16 . 2011-08-22 23:48 206848 c:\windows\system32\occache.dll - 2008-04-23 00:16 . 2011-08-22 23:48 611840 c:\windows\system32\mstime.dll + 2008-04-23 00:16 . 2011-11-04 19:20 611840 c:\windows\system32\mstime.dll - 2008-04-23 00:16 . 2011-08-22 23:48 602112 c:\windows\system32\msfeeds.dll + 2008-04-23 00:16 . 2011-11-04 19:20 602112 c:\windows\system32\msfeeds.dll + 2012-01-24 00:29 . 2012-01-24 00:29 223112 c:\windows\system32\javaws.exe + 2012-01-24 00:29 . 2012-01-24 00:29 173960 c:\windows\system32\javaw.exe + 2012-01-24 00:29 . 2012-01-24 00:29 173960 c:\windows\system32\java.exe - 2008-07-12 19:10 . 2011-08-22 23:48 184320 c:\windows\system32\iepeers.dll + 2008-07-12 19:10 . 2011-11-04 19:20 184320 c:\windows\system32\iepeers.dll - 2008-04-23 00:16 . 2011-08-22 23:48 387584 c:\windows\system32\iedkcs32.dll + 2008-04-23 00:16 . 2011-11-04 19:20 387584 c:\windows\system32\iedkcs32.dll + 2008-04-22 03:39 . 2011-11-04 11:24 174080 c:\windows\system32\ie4uinit.exe - 2008-04-22 03:39 . 2011-08-22 11:56 174080 c:\windows\system32\ie4uinit.exe + 2010-04-27 23:05 . 2012-01-23 15:22 266208 c:\windows\system32\FNTCACHE.DAT - 2010-04-27 23:05 . 2011-10-21 16:31 266208 c:\windows\system32\FNTCACHE.DAT + 2008-04-14 08:00 . 2011-10-18 11:13 186880 c:\windows\system32\encdec.dll - 2008-04-14 08:00 . 2011-02-09 13:53 186880 c:\windows\system32\encdec.dll - 2008-04-14 08:00 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll + 2008-04-14 08:00 . 2011-11-25 21:57 293376 c:\windows\system32\dllcache\winsrv.dll + 2008-04-14 08:00 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll - 2008-04-14 08:00 . 2008-04-14 08:00 176128 c:\windows\system32\dllcache\winmm.dll + 2008-04-23 00:16 . 2011-11-04 19:20 916992 c:\windows\system32\dllcache\wininet.dll + 2008-04-23 00:16 . 2011-11-04 19:20 105984 c:\windows\system32\dllcache\url.dll - 2008-04-23 00:16 . 2011-08-22 23:48 105984 c:\windows\system32\dllcache\url.dll + 2008-04-14 08:00 . 2011-11-03 15:27 386048 c:\windows\system32\dllcache\qdvd.dll - 2008-04-14 08:00 . 2008-04-14 08:00 386048 c:\windows\system32\dllcache\qdvd.dll + 2008-04-23 00:16 . 2011-11-04 19:20 206848 c:\windows\system32\dllcache\occache.dll - 2008-04-23 00:16 . 2011-08-22 23:48 206848 c:\windows\system32\dllcache\occache.dll + 2008-04-23 00:16 . 2011-11-04 19:20 611840 c:\windows\system32\dllcache\mstime.dll - 2008-04-23 00:16 . 2011-08-22 23:48 611840 c:\windows\system32\dllcache\mstime.dll - 2010-04-28 04:15 . 2011-08-22 23:48 602112 c:\windows\system32\dllcache\msfeeds.dll + 2010-04-28 04:15 . 2011-11-04 19:20 602112 c:\windows\system32\dllcache\msfeeds.dll - 2010-04-26 07:49 . 2011-08-22 23:48 247808 c:\windows\system32\dllcache\ieproxy.dll + 2010-04-26 07:49 . 2011-11-04 19:20 247808 c:\windows\system32\dllcache\ieproxy.dll - 2008-07-12 19:10 . 2011-08-22 23:48 184320 c:\windows\system32\dllcache\iepeers.dll + 2008-07-12 19:10 . 2011-11-04 19:20 184320 c:\windows\system32\dllcache\iepeers.dll + 2010-06-09 03:04 . 2011-11-04 19:20 743424 c:\windows\system32\dllcache\iedvtool.dll - 2010-06-09 03:04 . 2011-08-22 23:48 743424 c:\windows\system32\dllcache\iedvtool.dll - 2008-04-23 00:16 . 2011-08-22 23:48 387584 c:\windows\system32\dllcache\iedkcs32.dll + 2008-04-23 00:16 . 2011-11-04 19:20 387584 c:\windows\system32\dllcache\iedkcs32.dll + 2008-04-22 03:39 . 2011-11-04 11:24 174080 c:\windows\system32\dllcache\ie4uinit.exe - 2008-04-22 03:39 . 2011-08-22 11:56 174080 c:\windows\system32\dllcache\ie4uinit.exe - 2008-04-14 08:00 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll + 2008-04-14 08:00 . 2011-10-18 11:13 186880 c:\windows\system32\dllcache\encdec.dll + 2011-12-25 09:49 . 2011-12-25 09:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll + 2011-12-25 04:55 . 2011-12-25 04:55 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll - 2011-07-07 17:04 . 2011-07-07 17:04 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll - 2011-07-07 17:01 . 2011-07-07 17:01 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll + 2011-12-25 04:53 . 2011-12-25 04:53 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll - 2011-07-07 18:09 . 2011-07-07 18:09 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll + 2011-12-25 05:49 . 2011-12-25 05:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll + 2011-12-25 11:40 . 2011-12-25 11:40 819200 c:\windows\Installer\a1f216.msp + 2012-01-24 00:29 . 2012-01-24 00:29 176128 c:\windows\Installer\1f49ddc.msi + 2012-01-24 00:29 . 2012-01-24 00:29 938496 c:\windows\Installer\1f49dcc.msi + 2010-08-04 16:20 . 2012-01-23 04:44 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe - 2010-08-04 16:20 . 2011-10-21 16:27 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe - 2010-08-04 16:20 . 2011-10-21 16:27 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe + 2010-08-04 16:20 . 2012-01-23 04:44 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe + 2010-08-04 16:20 . 2012-01-23 04:44 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe - 2010-08-04 16:20 . 2011-10-21 16:27 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe - 2010-08-04 16:20 . 2011-10-21 16:27 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe + 2010-08-04 16:20 . 2012-01-23 04:44 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe + 2010-08-04 16:20 . 2012-01-23 04:44 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe - 2010-08-04 16:20 . 2011-10-21 16:27 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe + 2010-08-04 16:20 . 2012-01-23 04:44 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe - 2010-08-04 16:20 . 2011-10-21 16:27 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe + 2010-08-04 16:20 . 2012-01-23 04:44 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe - 2010-08-04 16:20 . 2011-10-21 16:27 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe + 2012-01-23 04:38 . 2011-08-22 23:48 916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll + 2012-01-23 04:38 . 2011-08-22 23:48 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll + 2012-01-23 04:38 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll + 2012-01-23 04:38 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe + 2012-01-23 04:38 . 2011-08-22 23:48 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll + 2012-01-23 04:38 . 2011-08-22 23:48 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll + 2012-01-23 04:38 . 2011-08-22 23:48 602112 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll + 2012-01-23 04:38 . 2011-08-22 23:48 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll + 2012-01-23 04:38 . 2011-08-22 23:48 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll + 2012-01-23 04:38 . 2011-08-22 23:48 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll + 2012-01-23 04:38 . 2011-08-22 23:48 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll + 2012-01-23 04:38 . 2011-08-22 11:56 174080 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe + 2012-01-23 04:41 . 2012-01-23 04:41 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_602b20b7\System.Drawing.dll + 2012-01-23 04:41 . 2012-01-23 04:41 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_ac341452\System.Drawing.Design.dll + 2012-01-23 04:41 . 2012-01-23 04:41 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_e773a7b1\CustomMarshalers.dll + 2012-01-23 15:35 . 2012-01-23 15:35 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\0bda7bdfaf440d5dd4bc6a1dea7ffa39\System.Web.Routing.ni.dll + 2012-01-23 15:36 . 2012-01-23 15:36 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6e29f9faa74a48b83a13a3413b826295\System.Web.Extensions.Design.ni.dll + 2012-01-23 15:36 . 2012-01-23 15:36 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\be8965fe859bc53dff61579bf626858b\System.Web.Entity.ni.dll + 2012-01-23 15:36 . 2012-01-23 15:36 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\8441b3eb247e0344fede848337ee911c\System.Web.Entity.Design.ni.dll + 2012-01-23 15:35 . 2012-01-23 15:35 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\09c6a41f187ba483486cdb92dad714a1\System.Web.DynamicData.ni.dll + 2012-01-23 15:35 . 2012-01-23 15:35 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5efb726d424b9712632eff749411fa89\System.Web.Abstractions.ni.dll + 2012-01-23 04:45 . 2012-01-23 04:45 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\f374e8e7849a72d1470b4a6a0771a137\System.Data.Entity.Design.ni.dll + 2012-01-23 04:44 . 2012-01-23 04:44 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\439732479756e0f6df88d29e50a402bf\ServiceModelReg.ni.exe + 2012-01-23 04:43 . 2012-01-23 04:43 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\bfcea15c95909860c4f4ac19bd7a2d6c\AspNetMMCExt.ni.dll + 2012-01-23 04:37 . 2012-01-23 04:37 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll - 2011-10-21 16:25 . 2011-10-21 16:25 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll - 2011-10-21 16:25 . 2011-10-21 16:25 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll + 2012-01-23 04:37 . 2012-01-23 04:37 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll + 2012-01-23 04:37 . 2012-01-23 04:37 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll - 2011-10-21 16:25 . 2011-10-21 16:25 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll + 2012-01-23 04:37 . 2012-01-23 04:37 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll - 2011-10-21 16:25 . 2011-10-21 16:25 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll + 2012-01-23 04:37 . 2012-01-23 04:37 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll - 2011-10-21 16:25 . 2011-10-21 16:25 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll + 2012-01-23 04:37 . 2012-01-23 04:37 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll - 2011-06-24 06:23 . 2011-10-21 16:25 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll - 2011-10-21 16:25 . 2011-10-21 16:25 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll + 2012-01-23 04:37 . 2012-01-23 04:37 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll - 2011-10-21 16:26 . 2011-10-21 16:26 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll + 2012-01-23 04:37 . 2012-01-23 04:37 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll + 2012-01-23 04:37 . 2012-01-23 04:37 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll - 2011-10-21 16:25 . 2011-10-21 16:25 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll - 2011-10-21 16:25 . 2011-10-21 16:25 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll + 2012-01-23 04:37 . 2012-01-23 04:37 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll + 2012-01-23 04:37 . 2012-01-23 04:37 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll - 2011-10-21 16:25 . 2011-10-21 16:25 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll + 2012-01-23 04:37 . 2012-01-23 04:37 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll - 2011-10-21 16:26 . 2011-10-21 16:26 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll + 2012-01-23 04:37 . 2012-01-23 04:37 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll - 2011-10-21 16:26 . 2011-10-21 16:26 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll - 2011-10-21 16:26 . 2011-10-21 16:26 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll + 2012-01-23 04:37 . 2012-01-23 04:37 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll - 2011-10-21 16:26 . 2011-10-21 16:26 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll + 2012-01-23 04:37 . 2012-01-23 04:37 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll - 2011-10-21 16:25 . 2011-10-21 16:25 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll + 2012-01-23 04:37 . 2012-01-23 04:37 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll - 2011-10-21 16:25 . 2011-10-21 16:25 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll + 2012-01-23 04:37 . 2012-01-23 04:37 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll - 2011-10-21 16:25 . 2011-10-21 16:25 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll + 2012-01-23 04:37 . 2012-01-23 04:37 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll - 2011-10-21 16:25 . 2011-10-21 16:25 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll + 2012-01-23 04:37 . 2012-01-23 04:37 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll - 2011-10-21 16:25 . 2011-10-21 16:25 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll + 2012-01-23 04:37 . 2012-01-23 04:37 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll - 2011-10-21 16:25 . 2011-10-21 16:25 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll + 2012-01-23 04:37 . 2012-01-23 04:37 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll + 2012-01-23 04:37 . 2012-01-23 04:37 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll - 2011-10-21 16:25 . 2011-10-21 16:25 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll - 2011-10-21 16:25 . 2011-10-21 16:25 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll + 2012-01-23 04:37 . 2012-01-23 04:37 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll - 2011-10-21 16:25 . 2011-10-21 16:25 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll + 2012-01-23 04:37 . 2012-01-23 04:37 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll + 2012-01-23 04:37 . 2012-01-23 04:37 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - 2011-10-21 16:25 . 2011-10-21 16:25 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll + 2012-01-23 04:37 . 2012-01-23 04:37 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll - 2011-10-21 16:26 . 2011-10-21 16:26 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll + 2012-01-23 04:44 . 2012-01-23 04:44 350080 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll - 2009-07-11 19:32 . 2009-07-11 19:32 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll + 2009-07-12 06:02 . 2009-07-12 06:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll + 2009-07-12 06:02 . 2009-07-12 06:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll - 2009-07-11 19:32 . 2009-07-11 19:32 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll - 2008-04-23 00:16 . 2011-08-22 23:48 1212416 c:\windows\system32\urlmon.dll + 2008-04-23 00:16 . 2011-11-04 19:20 1212416 c:\windows\system32\urlmon.dll + 2008-04-14 08:00 . 2011-10-25 13:37 2148864 c:\windows\system32\ntoskrnl.exe - 2008-04-14 08:00 . 2010-12-09 13:42 2148864 c:\windows\system32\ntoskrnl.exe + 2008-04-14 04:01 . 2011-10-25 12:52 2027008 c:\windows\system32\ntkrnlpa.exe - 2008-04-14 04:01 . 2010-12-09 13:07 2027008 c:\windows\system32\ntkrnlpa.exe + 2008-04-23 22:16 . 2011-11-04 19:20 5978112 c:\windows\system32\mshtml.dll - 2008-04-23 00:16 . 2011-08-22 23:48 2000384 c:\windows\system32\iertutil.dll + 2008-04-23 00:16 . 2011-11-04 19:20 2000384 c:\windows\system32\iertutil.dll + 2008-04-14 08:00 . 2011-11-23 13:25 1859584 c:\windows\system32\dllcache\win32k.sys + 2008-04-23 00:16 . 2011-11-04 19:20 1212416 c:\windows\system32\dllcache\urlmon.dll - 2008-04-23 00:16 . 2011-08-22 23:48 1212416 c:\windows\system32\dllcache\urlmon.dll + 2008-07-12 19:09 . 2011-11-03 15:27 1292288 c:\windows\system32\dllcache\quartz.dll + 2008-04-14 08:00 . 2011-11-01 16:07 1288704 c:\windows\system32\dllcache\ole32.dll + 2010-04-26 07:22 . 2011-10-25 13:33 2192768 c:\windows\system32\dllcache\ntoskrnl.exe - 2010-04-26 07:22 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe - 2010-04-26 07:22 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe + 2010-04-26 07:22 . 2011-10-25 12:52 2027008 c:\windows\system32\dllcache\ntkrpamp.exe + 2009-02-08 00:02 . 2011-10-25 12:52 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe - 2009-02-08 00:02 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe - 2010-04-26 07:22 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe + 2010-04-26 07:22 . 2011-10-25 13:37 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe + 2008-04-23 22:16 . 2011-11-04 19:20 5978112 c:\windows\system32\dllcache\mshtml.dll - 2010-04-28 04:15 . 2011-08-22 23:48 2000384 c:\windows\system32\dllcache\iertutil.dll + 2010-04-28 04:15 . 2011-11-04 19:20 2000384 c:\windows\system32\dllcache\iertutil.dll + 2011-12-25 09:50 . 2011-12-25 09:50 5246976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll + 2011-12-25 17:07 . 2011-12-25 17:07 2064384 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll + 2011-12-25 17:06 . 2011-12-25 17:06 1269760 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll + 2011-12-25 17:06 . 2011-12-25 17:06 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll - 2011-07-08 18:59 . 2011-07-08 18:59 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll + 2011-12-25 04:54 . 2011-12-25 04:54 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll - 2011-07-07 17:02 . 2011-07-07 17:02 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll - 2011-07-07 17:02 . 2011-07-07 17:02 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll + 2011-12-25 04:53 . 2011-12-25 04:53 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll + 2011-12-25 17:06 . 2011-12-25 17:06 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll - 2011-07-08 18:59 . 2011-07-08 18:59 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll + 2011-11-01 19:34 . 2011-11-01 19:34 4250112 c:\windows\Installer\a1f22f.msp + 2011-12-26 15:59 . 2011-12-26 15:59 4368896 c:\windows\Installer\a1f1f5.msp + 2011-11-01 19:34 . 2011-11-01 19:34 2247168 c:\windows\Installer\a1f1ea.msp + 2011-11-11 22:14 . 2011-11-11 22:14 9096192 c:\windows\Installer\a1f1d3.msp + 2011-11-01 19:34 . 2011-11-01 19:34 4225536 c:\windows\Installer\a1f1bc.msp + 2011-11-01 19:34 . 2011-11-01 19:34 2531840 c:\windows\Installer\a1f1a0.msp + 2011-11-11 22:15 . 2011-11-11 22:15 1795584 c:\windows\Installer\a1f189.msp + 2011-12-09 01:24 . 2011-12-09 01:24 4989952 c:\windows\Installer\a1f172.msp + 2011-11-11 22:16 . 2011-11-11 22:16 8458240 c:\windows\Installer\a1f15b.msp + 2010-08-04 16:20 . 2012-01-23 04:44 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe - 2010-08-04 16:20 . 2011-10-21 16:26 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe - 2010-08-04 16:20 . 2011-10-21 16:26 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe + 2010-08-04 16:20 . 2012-01-23 04:44 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe + 2009-04-03 02:44 . 2009-04-03 02:44 2532224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GRAPH.EXE + 2012-01-23 04:38 . 2011-08-22 23:48 1212416 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll + 2012-01-23 04:38 . 2011-10-03 08:35 5971456 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll + 2012-01-23 04:38 . 2011-08-22 23:48 2000384 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll + 2010-04-26 07:22 . 2011-10-25 13:33 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe - 2010-04-26 07:22 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe + 2010-04-26 07:22 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe - 2010-04-26 07:22 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe - 2009-02-08 00:02 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe + 2009-02-08 00:02 . 2011-10-25 12:52 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe - 2010-04-26 07:22 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2010-04-26 07:22 . 2011-10-25 13:37 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2012-01-23 04:41 . 2012-01-23 04:41 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_ee08f8c4\System.dll + 2012-01-23 04:41 . 2012-01-23 04:41 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_59207b29\System.dll + 2012-01-23 04:41 . 2012-01-23 04:41 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_4733ddc5\System.Xml.dll + 2012-01-23 04:41 . 2012-01-23 04:41 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_3a9bd1aa\System.Xml.dll + 2012-01-23 04:41 . 2012-01-23 04:41 7917568 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_f173c56a\System.Windows.Forms.dll + 2012-01-23 04:41 . 2012-01-23 04:41 3035136 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_42524f61\System.Windows.Forms.dll + 2012-01-23 04:41 . 2012-01-23 04:41 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_dd488e70\System.Drawing.dll + 2012-01-23 04:41 . 2012-01-23 04:41 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_9f0ad762\System.Design.dll + 2012-01-23 04:41 . 2012-01-23 04:41 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_90ea9f6b\System.Design.dll + 2012-01-23 04:41 . 2012-01-23 04:42 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_8baeb66f\mscorlib.dll + 2012-01-23 04:41 . 2012-01-23 04:41 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_63c1086c\mscorlib.dll + 2012-01-23 15:36 . 2012-01-23 15:36 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\05c29118462056cf810df0b6aa660d05\System.WorkflowServices.ni.dll + 2012-01-23 15:36 . 2012-01-23 15:36 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\26b3258c559dc0ab6bdce481ffd458b3\System.Workflow.Runtime.ni.dll + 2012-01-23 15:36 . 2012-01-23 15:36 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1642d1b72cd84caf24cbe7c5e8fd8368\System.Workflow.ComponentModel.ni.dll + 2012-01-23 15:36 . 2012-01-23 15:36 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\32ce12c3c2049f2df94c44c94b052e16\System.Workflow.Activities.ni.dll + 2012-01-23 15:36 . 2012-01-23 15:36 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f63ae1310e004777e880f28377bcddd2\System.Web.Services.ni.dll + 2012-01-23 15:36 . 2012-01-23 15:36 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\c99b02434e71ca9898bebbc08d63e885\System.Web.Mobile.ni.dll + 2012-01-23 15:35 . 2012-01-23 15:35 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c8f78b9e94857fdf6c2a378dd1629ee0\System.Web.Extensions.ni.dll + 2012-01-23 15:35 . 2012-01-23 15:35 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ae749b024162e9ac79110c633b5ce6be\System.ServiceModel.Web.ni.dll + 2012-01-23 04:43 . 2012-01-23 04:43 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\23eb4618c9d171be9fb551a13a475a32\System.IdentityModel.ni.dll + 2012-01-23 15:35 . 2012-01-23 15:35 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\f35064c125799df650c1a959d8fa450b\System.Data.Services.ni.dll + 2012-01-23 04:44 . 2012-01-23 04:44 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a86c12788293105a0d9fda1bc90c90bc\Microsoft.VisualBasic.ni.dll + 2012-01-23 04:37 . 2012-01-23 04:37 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll - 2011-10-21 16:26 . 2011-10-21 16:26 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll - 2011-10-21 16:26 . 2011-10-21 16:26 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll + 2012-01-23 04:37 . 2012-01-23 04:37 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll + 2012-01-23 04:37 . 2012-01-23 04:37 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll - 2011-10-21 16:25 . 2011-10-21 16:25 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll - 2010-11-02 15:49 . 2010-11-02 15:49 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll + 2012-01-23 04:41 . 2012-01-23 04:41 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll - 2011-10-21 16:25 . 2011-10-21 16:25 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll + 2012-01-23 04:37 . 2012-01-23 04:37 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll + 2012-01-23 04:37 . 2012-01-23 04:37 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll - 2011-10-21 16:26 . 2011-10-21 16:26 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll + 2012-01-23 04:37 . 2012-01-23 04:37 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll + 2012-01-23 04:37 . 2012-01-23 04:37 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll - 2011-06-24 06:23 . 2011-10-21 16:26 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll - 2011-10-21 16:16 . 2011-10-21 16:16 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll + 2012-01-23 04:40 . 2012-01-23 04:40 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll + 2012-01-23 04:40 . 2012-01-23 04:40 2064384 c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll + 2012-01-23 04:40 . 2012-01-23 04:40 1269760 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll + 2010-04-26 07:47 . 2012-01-04 23:15 52128560 c:\windows\system32\MRT.exe - 2008-04-23 00:16 . 2011-08-23 22:48 11081728 c:\windows\system32\ieframe.dll + 2008-04-23 00:16 . 2011-11-04 19:20 11081728 c:\windows\system32\ieframe.dll + 2010-04-28 04:15 . 2011-11-04 19:20 11081728 c:\windows\system32\dllcache\ieframe.dll - 2010-04-28 04:15 . 2011-08-23 22:48 11081728 c:\windows\system32\dllcache\ieframe.dll + 2011-12-26 23:02 . 2011-12-26 23:02 12482048 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2656353\M2656353Uninstall.msp + 2011-12-26 15:02 . 2011-12-26 15:02 19677184 c:\windows\Installer\a1f20f.msp + 2012-01-23 04:38 . 2011-08-23 22:48 11081728 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll + 2012-01-23 15:35 . 2012-01-23 15:35 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll + 2012-01-23 04:44 . 2012-01-23 04:44 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2dac4fc006596760cd4988d0bfd52ff0\System.ServiceModel.ni.dll + 2012-01-23 04:40 . 2012-01-23 04:40 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\9e15d80ffb037e9171fa4bd2e0233497\System.Design.ni.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-05-07 413696] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-23 98304] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584] "Seticon"="c:\program files\Icons\Seticon.exe" [2002-10-04 39936] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "RunNarrator"="Narrator.exe" [2008-04-14 53760] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-06-06 17:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] 2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-03-07 20:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "JavaQuickStarterService"=2 (0x2) "iPod Service"=3 (0x3) "IDriverT"=3 (0x3) "Application Updater"=2 (0x2) . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "e:\\Program Files\\Steam\\Steam.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Documents and Settings\\M L\\Local Settings\\Application Data\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "e:\\Program Files\\Steam\\steamapps\\ret0r@hotmail.com\\source sdk base 2007\\hl2.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\serious sam classic the first encounter\\Bin\\SeriousSam.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\serious sam classic the first encounter\\Bin\\SeriousEditor.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\serious sam classic the first encounter\\Bin\\SeriousModeler.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\serious sam classic the second encounter\\Bin\\SeriousSam.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\serious sam classic the second encounter\\Bin\\SeriousEditor.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\serious sam classic the second encounter\\Bin\\SeriousModeler.exe"= "c:\\Program Files\\Xfire\\Xfire.exe"= "e:\\Program Files\\Skype\\Phone\\Skype.exe"= "e:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "e:\\Program Files\\Steam\\steamapps\\sirpezz\\day of defeat source\\hl2.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"= "c:\\Program Files\\Cisco Packet Tracer 5.3.1\\bin\\PacketTracer5.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\amd driver updater, xp, 32 bit\\Setup.exe"= "c:\\Program Files\\SoulseekNS\\slsk.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\serious sam hd the second encounter\\Bin\\SamHD_TSE.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\serious sam hd the second encounter\\Bin\\SamHD_TSE_Unrestricted.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOps.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOpsMP.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"= "c:\\Documents and Settings\\M L\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Documents and Settings\\M L\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"= "e:\\Program Files\\Steam\\steamapps\\ret0r@hotmail.com\\the ship\\ship.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"= "e:\\Program Files\\Steam\\steamapps\\ret0r@hotmail.com\\day of defeat\\hl.exe"= "e:\\Program Files\\Steam\\steamapps\\ret0r@hotmail.com\\counter-strike\\hl.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\empire total war\\Empire.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\serious sam hd the first encounter\\Bin\\SamHD.exe"= "c:\\Documents and Settings\\M L\\Application Data\\Spotify\\spotify.exe"= "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26555:TCP"= 26555:TCP:BitComet 26555 TCP "26555:UDP"= 26555:UDP:BitComet 26555 UDP "10290:TCP"= 10290:TCP:BitComet 10290 TCP "10290:UDP"= 10290:UDP:BitComet 10290 UDP "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/22/2012 10:04 PM 435032] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/22/2012 10:04 PM 314456] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/22/2012 10:04 PM 20568] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/6/2011 2:59 PM 304464] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/6/2011 2:59 PM 20952] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [6/8/2010 9:09 PM 47360] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/10/2011 2:58 PM 136176] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/10/2011 2:58 PM 136176] S4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [11/15/2011 2:22 PM 746392] . Contents of the 'Scheduled Tasks' folder . 2012-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 20:58] . 2012-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 20:58] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100 uInternet Settings,ProxyOverride = cdn;*.local IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 LSP: c:\windows\system32\idmmbc.dll TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 FF - ProfilePath - c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\ FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=11-05-2010&tb_mrud=11-05-2010 FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p= FF - prefs.js: network.proxy.type - 0 FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false FF - user.js: browser.sessionstore.resume_from_crash - false . - - - - ORPHANS REMOVED - - - - . MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-01-25 23:28 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2382e92e-3be9-47f6-8985-a6619f976093}] @Denied: (Full) (Everyone) "Model"=dword:0000009f "Therad"=dword:0000002a "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,ab,9e,50,1b,eb,77,d1,ab,a5,dc,ce,c4,12,ad,eb,5f,83,e0,8b,c5,07,bb,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):99,57,06,44,e7,51,82,f5,07,67,a1,d9,0e,b1,b9,b2,13,b7,97,25,a7, a2,90,98,b6,c5,e7,f7,2d,4c,bf,3a,1e,54,f2,8d,87,95,20,00,00,00,00,00,00,00,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):c3,78,17,e1,e4,2b,3e,2d,78,05,1a,b0,83,ce,f2,bc,ef,b8,55,80,f7, d3,45,be,7b,b3,d6,d0,d5,51,6c,83,a3,fc,f8,99,d9,06,89,89,00,00,00,00,00,00,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e9945fc8-1835-4b08-b27b-93fb4d0df3cb}] @Denied: (Full) (Everyone) "Model"=dword:00000107 "Therad"=dword:00000015 "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(824) c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll . - - - - - - - > 'lsass.exe'(880) c:\windows\system32\idmmbc.dll . Completion time: 2012-01-25 23:33:06 ComboFix-quarantined-files.txt 2012-01-26 05:33 ComboFix2.txt 2012-01-21 05:04 . Pre-Run: 30,523,707,392 bytes free Post-Run: 30,533,656,576 bytes free . - - End Of File - - F823BD7197FB9EC469B4D958393DA1EE My system is now running smoother, no more redirects during google searches. Thanks,

Log from EST scan: C:\Documents and Settings\M L\Application Data\Mozilla\Firefox\Profiles\ymkzz8hu.default\extensions\{2950e164-82d3-422a-a087-dd11f3d9b3df}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan C:\Documents and Settings\M L\Application Data\Mozilla\Firefox\Profiles\ymkzz8hu.default\extensions\{97225bdf-6e65-4763-bc69-b4f0a23cc64c}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan C:\Documents and Settings\M L\Local Settings\Application Data\Mozilla\Firefox\Profiles\ymkzz8hu.default\Cache.Trash\D\94\EF26Fd01 JS/Kryptik.ES trojan C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Adware.Toolbar.Dealio application C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Adware.Toolbar.Dealio application C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Adware.Toolbar.Dealio application C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Adware.Toolbar.Dealio application C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Adware.Toolbar.Dealio application C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Adware.Toolbar.Dealio application C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 a variant of Win32/Adware.Toolbar.Dealio application C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\IntelOnlineNotifier.dll.vir a variant of Win32/Kryptik.XNI trojan C:\Qoobox\Quarantine\C\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\extensions\{2950e164-82d3-422a-a087-dd11f3d9b3df}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan C:\Qoobox\Quarantine\C\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\extensions\{97225bdf-6e65-4763-bc69-b4f0a23cc64c}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan C:\Qoobox\Quarantine\C\Documents and Settings\Eric\Local Settings\Application Data\qkp.exe.vir a variant of Win32/Kryptik.XMW trojan E:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9A6N7L2O\rqmqzmkmkm[1].htm JS/Agent.NCU trojan E:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UKCNABLK\main[1].htm JS/Fraud.NAC trojan E:\Documents and Settings\PezZ\My Documents\aim593702.exe Win32/Adware.WBug.A application E:\Program Files\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application DDS: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.2.0 Run by Eric at 7:35:33 on 2012-01-25 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2134 [GMT -6:00] . AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: ZoneAlarm Firewall *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Icons\Seticon.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\AVAST Software\Avast\avastUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe c:\program files\idt\intelxpv_v83\wdm\STacSV.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FAMTEDA.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\AVAST Software\Avast\setup\avast.setup . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100 uInternet Settings,ProxyOverride = cdn;*.local BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [seticon] c:\program files\icons\Seticon.exe mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe" mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 dRunOnce: [RunNarrator] Narrator.exe IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm IE: Download with IDM - c:\program files\internet download manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL LSP: c:\windows\system32\idmmbc.dll DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 TCP: Interfaces\{511F7647-4317-4AAB-B237-C251015E4910} : DhcpNameServer = 75.75.76.76 75.75.75.75 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\eric\application data\mozilla\firefox\profiles\blc7h4sz.default\ FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=11-05-2010&tb_mrud=11-05-2010 FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p= FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false FF - user.js: browser.sessionstore.resume_from_crash - false . ============= SERVICES / DRIVERS =============== . R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-22 435032] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-22 314456] R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-12-19 532224] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-22 20568] R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-22 44768] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-6 304464] R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-6 20952] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-10 136176] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-10 136176] S4 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-11-15 746392] . =============== Created Last 30 ================ . 2012-01-25 04:46:40 -------- d-----w- c:\program files\ESET 2012-01-25 04:43:29 -------- d-----w- c:\documents and settings\eric\local settings\application data\Sun 2012-01-24 03:48:49 -------- d-----w- c:\windows\system32\appmgmt 2012-01-24 00:29:32 637848 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-01-23 04:08:51 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2012-01-23 04:04:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-01-23 04:04:33 41184 ----a-w- c:\windows\avastSS.scr 2012-01-23 04:04:23 -------- d-----w- c:\program files\AVAST Software 2012-01-23 04:04:23 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software 2012-01-21 04:49:23 -------- d-sha-r- C:\cmdcons 2012-01-21 04:46:28 98816 ----a-w- c:\windows\sed.exe 2012-01-21 04:46:28 518144 ----a-w- c:\windows\SWREG.exe 2012-01-21 04:46:28 256000 ----a-w- c:\windows\PEV.exe 2012-01-21 04:46:28 208896 ----a-w- c:\windows\MBR.exe 2012-01-20 22:24:10 -------- d-----w- C:\sn0wbreeze 2012-01-14 15:46:23 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll 2012-01-14 15:46:23 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll 2012-01-14 15:46:23 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll 2012-01-14 15:46:22 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll 2011-12-27 21:30:02 -------- d-----w- c:\program files\PowerISO . ==================== Find3M ==================== . 2012-01-24 00:29:14 141312 ----a-w- c:\windows\system32\javacpl.cpl 2012-01-24 00:29:13 567184 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-11-23 20:23:16 73216 ----a-w- c:\windows\ST6UNST.EXE 2011-11-23 20:23:16 249856 ------w- c:\windows\Setup1.exe 2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe 2011-11-15 18:40:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-15 03:50:16 112096 ----a-w- c:\windows\system32\drivers\scdemu.sys 2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec 2011-11-03 15:27:33 386048 ----a-w- c:\windows\system32\qdvd.dll 2011-11-03 15:27:33 1292288 ----a-w- c:\windows\system32\quartz.dll 2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll . ============= FINISH: 7:37:09.21 =============== Attach: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 4/27/2010 11:17:28 PM System Uptime: 1/24/2012 7:27:35 AM (24 hours ago) . Motherboard: Intel Corporation | | DX48BT2 Processor: Intel® Core2 CPU 6600 @ 2.40GHz | CPU1 | 2400/266mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 74 GiB total, 28.755 GiB free. D: is CDROM (UDF) E: is FIXED (NTFS) - 932 GiB total, 266.949 GiB free. J: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {36FC9E60-C465-11CF-8056-444553540000} Description: USB Mass Storage Device Device ID: USB\VID_10DF&PID_0500\042000004AC8 Manufacturer: Compatible USB storage device Name: USB Mass Storage Device PNP Device ID: USB\VID_10DF&PID_0500\042000004AC8 Service: USBSTOR . Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: SM Bus Controller Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_54428086&REV_02\3&61AAA01&0&FB Manufacturer: Name: SM Bus Controller PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_54428086&REV_02\3&61AAA01&0&FB Service: . ==== System Restore Points =================== . RP457: 1/23/2012 11:45:40 AM - Software Distribution Service 3.0 RP458: 1/23/2012 6:29:06 PM - Installed Java 7 Update 2 RP459: 1/23/2012 9:48:08 PM - Removed Java 6 Update 25 RP460: 1/23/2012 9:52:15 PM - Removed GBalph NDSMovie Converter V1.00 RP461: 1/24/2012 9:52:26 PM - System Checkpoint . ==== Installed Programs ====================== . . 2007 Microsoft Office Suite Service Pack 2 (SP2) abgx360 v1.0.2 Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.1) AIM 7 Apple Application Support Apple Mobile Device Support Apple Software Update ATI Catalyst Install Manager Audacity 1.2.6 avast! Free Antivirus AVI To MP4 Converter 1.0 Black Ice Tiff Viewer Bonjour Boson NetSim for CCNP BETA 2b Call of Duty: Black Ops Call of Duty: Black Ops - Multiplayer Catalyst Control Center - Branding Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Cisco Packet Tracer 5.3.1 Click to Call with Skype CopyToy 7.2.1.0 Day of Defeat: Source DH Driver Cleaner Professional Edition doPDF 7.2 printer Dual-Core Optimizer DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.0.0 EPSON NX100 Series Printer Uninstall EPSON Scan ESET Online Scanner v3 Google Earth Plug-in Google Talk (remove only) Google Update Helper Half-Life 2: Deathmatch Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) iAPP CR-e500(CR-i500) Icons and Drivers IDT Audio ImgBurn Intel® Network Connections 13.5.32.0 Internet Download Manager iTunes Java Auto Updater Java 7 Update 2 JPG to PDF Converter 1.0 Left 4 Dead 2 Malwarebytes' Anti-Malware Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 9.0.1 (x86 en-US) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Norton PartitionMagic Norton PartitionMagic 8.0 Notepad++ NVIDIA PhysX v8.10.29 PDFCreator pdfforge Toolbar v4.8 Peggle Deluxe PowerISO QuickTime Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB2553089) Security Update for 2007 Microsoft Office System (KB2553090) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office Access 2007 (KB979440) Security Update for Microsoft Office Groove 2007 (KB2552997) Security Update for Microsoft Office InfoPath 2007 (KB2510061) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) SemSim Router Simulator Serious Sam Classic: The First Encounter Serious Sam Classic: The Second Encounter Serious Sam HD: The First Encounter Serious Sam HD: The Second Encounter Skins Skype™ 5.1 Skype™ 5.5 SoulSeek 157 NS 13e Spybot - Search & Destroy Steam TeamSpeak 3 Client Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office Outlook 2007 (KB2583910) Update for Windows Internet Explorer 7 (KB980182) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB980182) Update for Windows Internet Explorer 8 (KB980302) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676-v2) Update for Windows XP (KB2641690) Update for Windows XP (KB898461) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Ventrilo Client VLC media player 1.0.5 Watchtower Library 2010 - English WebFldrs XP WinDirStat 1.1.2 Windows Internet Explorer 8 WinRAR archiver Xfire (remove only) Xilisoft Video Converter Ultimate ZoneAlarm . ==== Event Viewer Messages From Past Week ======== . 1/23/2012 9:25:23 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s). 1/23/2012 11:44:41 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'ComboFix.exe' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. 1/22/2012 7:37:44 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect. 1/22/2012 7:37:44 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 1/22/2012 10:15:31 PM, error: PlugPlayManager [11] - The device Root\LEGACY_TMCOMM\0000 disappeared from the system without first being prepared for removal. 1/20/2012 10:46:04 PM, error: Service Control Manager [7034] - The EPSON V5 Service4(01) service terminated unexpectedly. It has done this 1 time(s). 1/20/2012 10:46:04 PM, error: Service Control Manager [7034] - The EPSON V3 Service4(01) service terminated unexpectedly. It has done this 1 time(s). 1/18/2012 7:29:36 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D. . ==== End Of File =========================== Thanks,

Yes I am still with you. I took a 2 day vacation. The redirects are no longer occuring, and windows updates have now resumed. Something must have cleaned the trojan. I have installed Avast! and it is working properly. Here is the MBAM log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 912012301 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 1/22/2012 8:24:12 PM mbam-log-2012-01-22 (20-24-12).txt Scan type: Quick scan Objects scanned: 203633 Time elapsed: 11 minute(s), 1 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Here is the Add-Remove Programs.txt: 2007 Microsoft Office Suite Service Pack 2 (SP2) abgx360 v1.0.2 Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.1) AIM 7 Alien Swarm Apple Application Support Apple Mobile Device Support Apple Software Update ATI Catalyst Install Manager Audacity 1.2.6 AVI To MP4 Converter 1.0 Black Ice Tiff Viewer Bonjour Boson NetSim for CCNP BETA 2b Call of Duty: Black Ops Call of Duty: Black Ops - Multiplayer Catalyst Control Center - Branding Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Cisco Packet Tracer 5.3.1 Click to Call with Skype Comcast High-Speed Internet Install Wizard CopyToy 7.2.1.0 Day of Defeat: Source DH Driver Cleaner Professional Edition doPDF 7.2 printer Dual-Core Optimizer DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.0.0 EPSON NX100 Series Printer Uninstall EPSON Scan GBalph NDSMovie Converter V1.00 Google Earth Plug-in Google Talk (remove only) Google Update Helper Half-Life 2: Deathmatch Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) iAPP CR-e500(CR-i500) Icons and Drivers IDT Audio ImgBurn Intel® Network Connections 13.5.32.0 Internet Download Manager iTunes Java Auto Updater Java 6 Update 25 JPG to PDF Converter 1.0 Left 4 Dead 2 Malwarebytes' Anti-Malware Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2572067) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Moonbase Alpha Mozilla Firefox 9.0.1 (x86 en-US) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Norton PartitionMagic Norton PartitionMagic 8.0 Notepad++ NVIDIA PhysX v8.10.29 PDFCreator pdfforge Toolbar v4.8 Peggle Deluxe PowerISO QuickTime Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB2553074) Security Update for 2007 Microsoft Office System (KB2553089) Security Update for 2007 Microsoft Office System (KB2553090) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft Office Access 2007 (KB979440) Security Update for Microsoft Office Excel 2007 (KB2553073) Security Update for Microsoft Office Groove 2007 (KB2552997) Security Update for Microsoft Office InfoPath 2007 (KB2510061) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB2535818) Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623) Security Update for Microsoft Office Publisher 2007 (KB2284697) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) SemSim Router Simulator Serious Sam Classic: The First Encounter Serious Sam Classic: The Second Encounter Serious Sam HD: The First Encounter Serious Sam HD: The Second Encounter Skins Skype™ 5.1 Skype™ 5.5 SoulSeek 157 NS 13e Spybot - Search & Destroy Steam TeamSpeak 3 Client Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office Outlook 2007 (KB2583910) Update for Outlook 2007 Junk Email Filter (KB2596560) Update for Windows Internet Explorer 7 (KB980182) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB980182) Update for Windows Internet Explorer 8 (KB980302) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676-v2) Update for Windows XP (KB2641690) Update for Windows XP (KB898461) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Ventrilo Client VLC media player 1.0.5 Watchtower Library 2010 - English WebFldrs XP WinDirStat 1.1.2 Windows Internet Explorer 8 WinRAR archiver Xfire (remove only) Xilisoft Video Converter Ultimate ZoneAlarm Danke,

Ja, aber mein Deutsch ist nicht so gut. Lassen Sie uns in Englisch gesprochen. After disabling all anti-virus/anti-malware software this is the results from ComboFix: ComboFix 12-01-19.02 - Eric 01/20/2012 22:54:21.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2191 [GMT -6:00] Running from: c:\documents and settings\Eric\Desktop\ComboFix.exe FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\i63lg2m51m c:\documents and settings\All Users\Application Data\IntelOnlineNotifier.dll c:\documents and settings\Eric\Application Data\IDM\idmmzcc3 c:\documents and settings\Eric\Application Data\IDM\idmmzcc3\chrome.manifest c:\documents and settings\Eric\Application Data\IDM\idmmzcc3\chrome\idmmzcc.jar c:\documents and settings\Eric\Application Data\IDM\idmmzcc3\components\idmmzcc.dll c:\documents and settings\Eric\Application Data\IDM\idmmzcc3\components\iIDMMzCC.xpt c:\documents and settings\Eric\Application Data\IDM\idmmzcc3\install.js c:\documents and settings\Eric\Application Data\IDM\idmmzcc3\install.rdf c:\documents and settings\Eric\Application Data\IDM\idmmzcc3\META-INF\manifest.mf c:\documents and settings\Eric\Application Data\IDM\idmmzcc3\META-INF\zigbert.rsa c:\documents and settings\Eric\Application Data\IDM\idmmzcc3\META-INF\zigbert.sf c:\documents and settings\Eric\Application Data\inst.exe c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\extensions\{2950e164-82d3-422a-a087-dd11f3d9b3df} c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\extensions\{2950e164-82d3-422a-a087-dd11f3d9b3df}\chrome.manifest c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\extensions\{2950e164-82d3-422a-a087-dd11f3d9b3df}\chrome\xulcache.jar c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\extensions\{2950e164-82d3-422a-a087-dd11f3d9b3df}\defaults\preferences\xulcache.js c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\extensions\{2950e164-82d3-422a-a087-dd11f3d9b3df}\install.rdf c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\extensions\{97225bdf-6e65-4763-bc69-b4f0a23cc64c} c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\extensions\{97225bdf-6e65-4763-bc69-b4f0a23cc64c}\chrome.manifest c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\extensions\{97225bdf-6e65-4763-bc69-b4f0a23cc64c}\chrome\xulcache.jar c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\extensions\{97225bdf-6e65-4763-bc69-b4f0a23cc64c}\defaults\preferences\xulcache.js c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\extensions\{97225bdf-6e65-4763-bc69-b4f0a23cc64c}\install.rdf c:\documents and settings\Eric\Local Settings\Application Data\qkp.exe c:\windows\jestertb.dll c:\windows\system32\SET9B.tmp . . ((((((((((((((((((((((((( Files Created from 2011-12-21 to 2012-01-21 ))))))))))))))))))))))))))))))) . . 2012-01-20 22:24 . 2012-01-20 22:24 -------- d-----w- C:\sn0wbreeze 2012-01-14 15:46 . 2012-01-14 15:46 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll 2012-01-14 15:46 . 2012-01-14 15:46 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll 2012-01-14 15:46 . 2012-01-14 15:46 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll 2012-01-14 15:46 . 2012-01-14 15:46 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll 2012-01-04 05:26 . 2012-01-04 07:41 -------- d-----w- c:\documents and settings\Eric\Application Data\Notepad++ 2012-01-04 05:26 . 2012-01-04 05:26 -------- d-----w- c:\program files\Notepad++ 2011-12-27 21:30 . 2011-12-27 21:30 -------- d-----w- c:\program files\PowerISO . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-23 20:23 . 2011-11-23 20:23 73216 ----a-w- c:\windows\ST6UNST.EXE 2011-11-23 20:23 . 2011-11-23 20:23 249856 ------w- c:\windows\Setup1.exe 2011-11-15 18:40 . 2011-05-26 02:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-15 03:50 . 2011-11-15 03:50 112096 ----a-w- c:\windows\system32\drivers\scdemu.sys 2012-01-14 15:46 . 2011-11-17 20:26 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2008-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-05-07 413696] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-23 98304] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584] "Seticon"="c:\program files\Icons\Seticon.exe" [2002-10-04 39936] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "RunNarrator"="Narrator.exe" [2008-04-14 53760] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-06-06 17:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] 2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-03-07 20:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings] 2011-11-15 20:29 896352 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "JavaQuickStarterService"=2 (0x2) "iPod Service"=3 (0x3) "IDriverT"=3 (0x3) "Application Updater"=2 (0x2) . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "e:\\Program Files\\Steam\\Steam.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "e:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"= "c:\\Documents and Settings\\M L\\Local Settings\\Application Data\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "e:\\Program Files\\Steam\\steamapps\\ret0r@hotmail.com\\source sdk base 2007\\hl2.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\serious sam classic the first encounter\\Bin\\SeriousSam.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\serious sam classic the first encounter\\Bin\\SeriousEditor.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\serious sam classic the first encounter\\Bin\\SeriousModeler.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\serious sam classic the second encounter\\Bin\\SeriousSam.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\serious sam classic the second encounter\\Bin\\SeriousEditor.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\serious sam classic the second encounter\\Bin\\SeriousModeler.exe"= "c:\\Program Files\\Xfire\\Xfire.exe"= "e:\\Program Files\\Skype\\Phone\\Skype.exe"= "e:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "e:\\Program Files\\Steam\\steamapps\\sirpezz\\day of defeat source\\hl2.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"= "c:\\Program Files\\Cisco Packet Tracer 5.3.1\\bin\\PacketTracer5.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\amd driver updater, xp, 32 bit\\Setup.exe"= "c:\\Program Files\\SoulseekNS\\slsk.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\serious sam hd the second encounter\\Bin\\SamHD_TSE.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\serious sam hd the second encounter\\Bin\\SamHD_TSE_Unrestricted.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOps.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOpsMP.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"= "c:\\Documents and Settings\\M L\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Documents and Settings\\M L\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"= "e:\\Program Files\\Steam\\steamapps\\ret0r@hotmail.com\\the ship\\ship.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"= "e:\\Program Files\\Steam\\steamapps\\ret0r@hotmail.com\\day of defeat\\hl.exe"= "e:\\Program Files\\Steam\\steamapps\\ret0r@hotmail.com\\counter-strike\\hl.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\empire total war\\Empire.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\moon base alpha\\Binaries\\Win32\\MoonBaseAlphaGame.exe"= "e:\\Program Files\\Steam\\steamapps\\common\\serious sam hd the first encounter\\Bin\\SamHD.exe"= "c:\\Documents and Settings\\M L\\Application Data\\Spotify\\spotify.exe"= "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26555:TCP"= 26555:TCP:BitComet 26555 TCP "26555:UDP"= 26555:UDP:BitComet 26555 UDP "10290:TCP"= 10290:TCP:BitComet 10290 TCP "10290:UDP"= 10290:UDP:BitComet 10290 UDP "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/6/2011 2:59 PM 304464] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/6/2011 2:59 PM 20952] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [6/8/2010 9:09 PM 47360] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/10/2011 2:58 PM 136176] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/10/2011 2:58 PM 136176] S4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [11/15/2011 2:22 PM 746392] . Contents of the 'Scheduled Tasks' folder . 2012-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 20:58] . 2012-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 20:58] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100 uInternet Settings,ProxyOverride = cdn;*.local IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 LSP: c:\windows\system32\idmmbc.dll TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 FF - ProfilePath - c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\ FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=11-05-2010&tb_mrud=11-05-2010 FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p= FF - prefs.js: network.proxy.type - 0 FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false FF - user.js: browser.sessionstore.resume_from_crash - false . - - - - ORPHANS REMOVED - - - - . ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file) HKU-Default-Run-AdobeData - c:\documents and settings\Eric\Local Settings\Application Data\Adobe\AdobeData\Adobedata.dll HKU-Default-Run-AppleData - c:\documents and settings\Eric\Local Settings\Application Data\Apple\AppleData\Appledata.dll MSConfigStartUp-IntelOnlineNotifier - c:\documents and settings\All Users\Application Data\IntelOnlineNotifier.dll AddRemove-ComcastHSI - c:\program files\support.com\uninstall\chsi_uninstaller.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-01-20 23:01 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2382e92e-3be9-47f6-8985-a6619f976093}] @Denied: (Full) (Everyone) "Model"=dword:0000009f "Therad"=dword:0000002a "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,ab,9e,50,1b,eb,77,d1,ab,a5,dc,ce,c4,12,ad,eb,5f,83,e0,8b,c5,07,bb,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):99,57,06,44,e7,51,82,f5,07,67,a1,d9,0e,b1,b9,b2,13,b7,97,25,a7, a2,90,98,b6,c5,e7,f7,2d,4c,bf,3a,1e,54,f2,8d,87,95,20,00,00,00,00,00,00,00,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):c3,78,17,e1,e4,2b,3e,2d,78,05,1a,b0,83,ce,f2,bc,ef,b8,55,80,f7, d3,45,be,7b,b3,d6,d0,d5,51,6c,83,a3,fc,f8,99,d9,06,89,89,00,00,00,00,00,00,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e9945fc8-1835-4b08-b27b-93fb4d0df3cb}] @Denied: (Full) (Everyone) "Model"=dword:00000107 "Therad"=dword:00000015 "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(780) c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll . - - - - - - - > 'lsass.exe'(836) c:\windows\system32\idmmbc.dll . Completion time: 2012-01-20 23:04:00 ComboFix-quarantined-files.txt 2012-01-21 05:03 . Pre-Run: 28,048,158,720 bytes free Post-Run: 28,112,314,368 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer . - - End Of File - - 2F8E829DC58462A42013E45095293A56

Guten Tag Daniel, Here is the MBAM Log for today: 07:46:25 Eric MESSAGE Protection started successfully 07:46:30 Eric MESSAGE IP Protection started successfully Here are the Gmer results: GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-01-20 11:28:24 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-e WDC_WD800JD-75MSA3 rev.10.01E04 Running: ywbeuuw6.exe; Driver: C:\DOCUME~1\Eric\LOCALS~1\Temp\ugtdypog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xA2537534] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xA2531782] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xA25506DC] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xA2537CC0] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xA254AEB4] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xA254B2A2] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xA2554916] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xA2537DF6] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xA2532398] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xA2551FE4] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xA255193C] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xA2549DF0] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xA255293C] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xA2552B44] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xA2531FAA] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xA254D1CE] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xA254CDF8] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xA25538D2] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xA2553208] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xA25370F4] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xA25542A4] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xA25377DC] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xA253275C] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xA2553E12] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xA25510C4] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xA254BF0A] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xA254BC86] ---- Devices - GMER 1.0.15 ---- Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) Device \FileSystem\Cdfs \Cdfs 9F5D5400 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Classes\CLSID\{2382e92e-3be9-47f6-8985-a6619f976093}@Model 159 Reg HKLM\SOFTWARE\Classes\CLSID\{2382e92e-3be9-47f6-8985-a6619f976093}@Therad 42 Reg HKLM\SOFTWARE\Classes\CLSID\{2382e92e-3be9-47f6-8985-a6619f976093}@MData 0x2B 0x8F 0x78 0x29 ... Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x99 0x57 0x06 0x44 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0xC3 0x78 0x17 0xE1 ... Reg HKLM\SOFTWARE\Classes\CLSID\{e9945fc8-1835-4b08-b27b-93fb4d0df3cb}@Model 263 Reg HKLM\SOFTWARE\Classes\CLSID\{e9945fc8-1835-4b08-b27b-93fb4d0df3cb}@Therad 21 Reg HKLM\SOFTWARE\Classes\CLSID\{e9945fc8-1835-4b08-b27b-93fb4d0df3cb}@MData 0x73 0xD5 0xCF 0xB8 ... ---- EOF - GMER 1.0.15 ---- Danke,

Greetings, Looking for some expert help to remove the google redirect virus from computer. My searches in google get redirected to other websites like gimmeanswers.com, feed.buzzclick.com, etc. I have tried many malware removal programs but to no avail. Hopefully, one of the expert helpers here can assist me with removing this annoying virus. Please let me know what other information I can provide. My DDS Logs are follows: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25 Run by Eric at 13:05:01 on 2012-01-19 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1689 [GMT -6:00] . FW: ZoneAlarm Firewall *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe c:\program files\idt\intelxpv_v83\wdm\STacSV.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\Explorer.EXE C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Icons\Seticon.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Google\Google Earth\plugin\geplugin.exe C:\WINDOWS\system32\notepad.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100 uInternet Settings,ProxyOverride = cdn;*.local uURLSearchHooks: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.8\pdfforgeToolbarIE.dll BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.8\pdfforgeToolbarIE.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.8\pdfforgeToolbarIE.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [seticon] c:\program files\icons\Seticon.exe mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe" dRun: [EPSON NX100 Series (from PEZZTOP)] c:\windows\system32\spool\drivers\w32x86\3\e_fatieda.exe /fu "c:\windows\temp\E_S7.tmp" /EF "HKCU" dRun: [AdobeData] rundll32.exe "c:\documents and settings\eric\local settings\application data\adobe\adobedata\Adobedata.dll",DllRegisterServer dRun: [AppleData] rundll32.exe "c:\documents and settings\eric\local settings\application data\apple\appledata\Appledata.dll",DllRegisterServer dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 dRunOnce: [RunNarrator] Narrator.exe IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm IE: Download with IDM - c:\program files\internet download manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL LSP: c:\windows\system32\idmmbc.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 TCP: Interfaces\{511F7647-4317-4AAB-B237-C251015E4910} : DhcpNameServer = 75.75.76.76 75.75.75.75 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\eric\application data\mozilla\firefox\profiles\blc7h4sz.default\ FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=11-05-2010&tb_mrud=11-05-2010 FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p= FF - prefs.js: network.proxy.type - 0 FF - component: c:\documents and settings\eric\application data\idm\idmmzcc3\components\idmmzcc.dll FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false FF - user.js: browser.sessionstore.resume_from_crash - false . ============= SERVICES / DRIVERS =============== . R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-12-19 532224] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-6 304464] R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-6 20952] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-10 136176] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-10 136176] S4 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-11-15 746392] . =============== Created Last 30 ================ . 2012-01-14 15:46:23 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll 2012-01-14 15:46:23 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll 2012-01-14 15:46:23 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll 2012-01-14 15:46:22 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll 2011-12-27 21:30:02 -------- d-----w- c:\program files\PowerISO . ==================== Find3M ==================== . 2011-12-17 00:34:03 99328 ----a-w- c:\documents and settings\all users\application data\IntelOnlineNotifier.dll 2011-11-25 21:48:45 21504 ----a-w- c:\windows\jestertb.dll 2011-11-23 20:23:16 73216 ----a-w- c:\windows\ST6UNST.EXE 2011-11-23 20:23:16 249856 ------w- c:\windows\Setup1.exe 2011-11-15 18:40:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-15 03:50:16 112096 ----a-w- c:\windows\system32\drivers\scdemu.sys . ============= FINISH: 13:05:33.67 ===============