SonicLocutus Posted January 19, 2012 ID:518554

Greetings,

Looking for some expert help to remove the google redirect virus from computer. My searches in google get redirected to other websites like gimmeanswers.com, feed.buzzclick.com, etc. I have tried many malware removal programs but to no avail. Hopefully, one of the expert helpers here can assist me with removing this annoying virus. Please let me know what other information I can provide. My DDS Logs are as follows:

Larusso Posted January 20, 2012 ID:518658

My name is Daniel and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

- First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
- Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
- Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
- Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Please post the most recent Malwarebytes Logfile

Launch Malwarebytes --> Logs --> click on the last Logfile. A notepad Window will appear. Copy/Paste its content here in your topic.

Please download Gmer from here and save it to your Desktop.

- Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
- If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
- In the right panel, you will see several boxes that have been checked. Uncheck the following ...
  - Sections
  - IAT/EAT
  - Drives/Partition other than Systemdrive (typically C:\)
  - Show All (don't miss this one)
- Then click the Scan button & wait for it to finish.
- Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
- Save it where you can easily find it, such as your desktop

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Please post in your next reply

- MBAM Log
- ark.txt

SonicLocutus Posted January 20, 2012 Author ID:518744

Guten Tag Daniel,

Here is the MBAM Log for today:

07:46:25 Eric MESSAGE Protection started successfully
07:46:30 Eric MESSAGE IP Protection started successfully

Here are the Gmer results:

Danke,

Larusso Posted January 20, 2012 ID:518788

You speak German?

Download ComboFix from one of these locations:

- Link 1
- Link 2

* IMPORTANT - Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic: How to disable your security applications

====================================================

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

Please post in your next reply

- Combofix.txt

SonicLocutus Posted January 21, 2012 Author ID:518993

Yes, but my German is not so good. Let us speak in English.

After disabling all anti-virus/anti-malware software these are the results from ComboFix:
/debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer.- - End Of File - - 2F8E829DC58462A42013E45095293A56 Link to post Share on other sites More sharing options...
Larusso Posted January 21, 2012 ID:519035
Better than my English. Are the redirections still present?

I see no evidence of an AntiVirus program on your system. This must be resolved. Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware.

Here are a few very good free Antivirus products which are available:
Avast!
Microsoft Security Essentials

Select one of these, or another of your choice. Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

Install, update definitions, and run a full system scan with the Anti-Virus of your choice.

I notice you have Malwarebytes' Anti-Malware installed on your machine. Please launch the program and select the update tab, then click on the check for updates button. If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Save it to your desktop.
Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

Please press the Windows + R Key and Copy/Paste the following single-line command into the Run box and click OK:
"C:\Qoobox\Add-Remove Programs.txt"
This will open a notepad window. Please post the content here.

Please post in your next reply:
MBAM Log
Add-Remove Programs.txt
Note all open issues
Larusso Posted January 23, 2012 ID:519581
Hello, are you still with us?
If you do not reply within 24 hours this topic will be closed.
SonicLocutus Posted January 23, 2012 Author ID:519719
Yes I am still with you. I took a 2 day vacation.
The redirects are no longer occurring, and Windows updates have now resumed. Something must have cleaned the trojan.
I have installed Avast! and it is working properly.

Here is the MBAM log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 912012301
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1/22/2012 8:24:12 PM
mbam-log-2012-01-22 (20-24-12).txt
Scan type: Quick scan
Objects scanned: 203633
Time elapsed: 11 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Here is the Add-Remove Programs.txt:

Thanks,
Larusso Posted January 23, 2012 ID:519785
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Download the latest version of Java Runtime Environment 6 Update 30 and save it to your desktop.
Scroll down to where it says Java SE 6 Update 30.
Click the red Download JRE button on the right.
Read the License Agreement, then select Accept License Agreement.
Click on the link to download Windows x86 Offline and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-7u1-windows-i586.exe to install the newest version.
After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon (looks like a coffee cup).
On the General tab, under Temporary Internet Files, click the Settings button.
Next, click on the Delete Files button.
There are three options in the window to clear the cache - make sure all are checked.
Click OK on Delete Temporary Files Window.
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Temporary Files Window.
Click OK to leave the Java Control Panel.

Go here to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan.
Turn off the real time scanner of any existing antivirus program while performing the online scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start.
When asked, allow the ActiveX control to install.
Click Start.
Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked.
Click Start.
Wait for the scan to finish.
Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log in your next reply.

Please launch DDS.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop and post both in your next reply.

Please post in your next reply:
log.txt
dds.txt
attach.txt
SonicLocutus Posted January 25, 2012 Author ID:520385
Log from ESET scan:
C:\Documents and Settings\M L\Application Data\Mozilla\Firefox\Profiles\ymkzz8hu.default\extensions\{2950e164-82d3-422a-a087-dd11f3d9b3df}\chrome.manifest    Win32/TrojanDownloader.Tracur.F trojan
C:\Documents and Settings\M L\Application Data\Mozilla\Firefox\Profiles\ymkzz8hu.default\extensions\{97225bdf-6e65-4763-bc69-b4f0a23cc64c}\chrome.manifest    Win32/TrojanDownloader.Tracur.F trojan
C:\Documents and Settings\M L\Local Settings\Application Data\Mozilla\Firefox\Profiles\ymkzz8hu.default\Cache.Trash\D\94\EF26Fd01    JS/Kryptik.ES trojan
C:\Program Files\Application Updater\ApplicationUpdater.exe    probably a variant of Win32/Adware.Toolbar.Dealio application
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe    a variant of Win32/Adware.Toolbar.Dealio application
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll    a variant of Win32/Adware.Toolbar.Dealio application
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10    a variant of Win32/Adware.Toolbar.Dealio application
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5    a variant of Win32/Adware.Toolbar.Dealio application
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6    a variant of Win32/Adware.Toolbar.Dealio application
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7    a variant of Win32/Adware.Toolbar.Dealio application
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8    a variant of Win32/Adware.Toolbar.Dealio application
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9    a variant of Win32/Adware.Toolbar.Dealio application
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\IntelOnlineNotifier.dll.vir    a variant of Win32/Kryptik.XNI trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\extensions\{2950e164-82d3-422a-a087-dd11f3d9b3df}\chrome.manifest.vir    Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\extensions\{97225bdf-6e65-4763-bc69-b4f0a23cc64c}\chrome.manifest.vir    Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Eric\Local Settings\Application Data\qkp.exe.vir    a variant of Win32/Kryptik.XMW trojan
E:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9A6N7L2O\rqmqzmkmkm[1].htm    JS/Agent.NCU trojan
E:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UKCNABLK\main[1].htm    JS/Fraud.NAC trojan
E:\Documents and Settings\PezZ\My Documents\aim593702.exe    Win32/Adware.WBug.A application
E:\Program Files\AIM\Sysfiles\WxBug.EXE    Win32/Adware.WBug.A application

DDS:
files\mozilla firefox\mozutils.dll2012-01-14 15:46:22 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll2011-12-27 21:30:02 -------- d-----w- c:\program files\PowerISO.==================== Find3M ====================.2012-01-24 00:29:14 141312 ----a-w- c:\windows\system32\javacpl.cpl2012-01-24 00:29:13 567184 ----a-w- c:\windows\system32\deployJava1.dll2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll2011-11-23 20:23:16 73216 ----a-w- c:\windows\ST6UNST.EXE2011-11-23 20:23:16 249856 ------w- c:\windows\Setup1.exe2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe2011-11-15 18:40:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-11-15 03:50:16 112096 ----a-w- c:\windows\system32\drivers\scdemu.sys2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec2011-11-03 15:27:33 386048 ----a-w- c:\windows\system32\qdvd.dll2011-11-03 15:27:33 1292288 ----a-w- c:\windows\system32\quartz.dll2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll.============= FINISH: 7:37:09.21 ===============Attach:.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft Windows XP ProfessionalBoot Device: \Device\HarddiskVolume1Install Date: 4/27/2010 11:17:28 PMSystem Uptime: 1/24/2012 7:27:35 AM (24 hours ago).Motherboard: Intel Corporation | | DX48BT2Processor: Intel® Core2 CPU 6600 @ 2.40GHz | CPU1 | 2400/266mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 74 GiB total, 28.755 GiB free.D: is CDROM (UDF)E: is FIXED (NTFS) - 932 GiB total, 266.949 GiB free.J: is Removable.==== Disabled Device 
Manager Items =============.Class GUID: {36FC9E60-C465-11CF-8056-444553540000}Description: USB Mass Storage DeviceDevice ID: USB\VID_10DF&PID_0500\042000004AC8Manufacturer: Compatible USB storage deviceName: USB Mass Storage DevicePNP Device ID: USB\VID_10DF&PID_0500\042000004AC8Service: USBSTOR.Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}Description: SM Bus ControllerDevice ID: PCI\VEN_8086&DEV_2930&SUBSYS_54428086&REV_02\3&61AAA01&0&FBManufacturer:Name: SM Bus ControllerPNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_54428086&REV_02\3&61AAA01&0&FBService:.==== System Restore Points ===================.RP457: 1/23/2012 11:45:40 AM - Software Distribution Service 3.0RP458: 1/23/2012 6:29:06 PM - Installed Java 7 Update 2RP459: 1/23/2012 9:48:08 PM - Removed Java 6 Update 25RP460: 1/23/2012 9:52:15 PM - Removed GBalph NDSMovie Converter V1.00RP461: 1/24/2012 9:52:26 PM - System Checkpoint.==== Installed Programs ======================..2007 Microsoft Office Suite Service Pack 2 (SP2)abgx360 v1.0.2Adobe AIRAdobe Flash Player 10 ActiveXAdobe Flash Player 11 PluginAdobe Reader X (10.1.1)AIM 7Apple Application SupportApple Mobile Device SupportApple Software UpdateATI Catalyst Install ManagerAudacity 1.2.6avast! 
Free AntivirusAVI To MP4 Converter 1.0Black Ice Tiff ViewerBonjourBoson NetSim for CCNP BETA 2bCall of Duty: Black OpsCall of Duty: Black Ops - MultiplayerCatalyst Control Center - BrandingCatalyst Control Center InstallProxyCatalyst Control Center Localization Allccc-core-staticccc-utilityCCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishCisco Packet Tracer 5.3.1Click to Call with SkypeCopyToy 7.2.1.0Day of Defeat: SourceDH Driver Cleaner Professional EditiondoPDF 7.2 printerDual-Core OptimizerDVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.0.0EPSON NX100 Series Printer UninstallEPSON ScanESET Online Scanner v3Google Earth Plug-inGoogle Talk (remove only)Google Update HelperHalf-Life 2: DeathmatchHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows Media Player 11 (KB939683)Hotfix for Windows XP (KB2158563)Hotfix for Windows XP (KB2443685)Hotfix for Windows XP (KB2570791)Hotfix for Windows XP (KB2633952)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB979306)Hotfix for Windows XP (KB981793)iAPP CR-e500(CR-i500) Icons and DriversIDT AudioImgBurnIntel® Network Connections 13.5.32.0Internet Download ManageriTunesJava Auto UpdaterJava 7 Update 2JPG to PDF Converter 1.0Left 4 Dead 2Malwarebytes' Anti-MalwareMicrosoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2656353)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft Office Access MUI (English) 
2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Enterprise 2007Microsoft Office Excel MUI (English) 2007Microsoft Office Groove MUI (English) 2007Microsoft Office Groove Setup Metadata MUI (English) 2007Microsoft Office InfoPath MUI (English) 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Publisher MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft SilverlightMicrosoft Software Update for Web Folders (English) 12Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Mozilla Firefox 9.0.1 (x86 en-US)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)Norton PartitionMagicNorton PartitionMagic 8.0Notepad++NVIDIA PhysX v8.10.29PDFCreatorpdfforge Toolbar v4.8Peggle DeluxePowerISOQuickTimeSecurity Update for 2007 Microsoft Office System (KB2288621)Security Update for 2007 Microsoft Office System (KB2288931)Security Update for 2007 Microsoft Office System (KB2345043)Security Update for 2007 Microsoft Office System (KB2553089)Security Update for 2007 Microsoft Office System (KB2553090)Security Update for 2007 Microsoft Office System (KB2584063)Security Update for 2007 Microsoft Office System (KB969559)Security Update for 2007 Microsoft Office System (KB976321)Security Update for Microsoft .NET Framework 3.5 SP1 
(KB2657424)Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit EditionSecurity Update for Microsoft Office Access 2007 (KB979440)Security Update for Microsoft Office Groove 2007 (KB2552997)Security Update for Microsoft Office InfoPath 2007 (KB2510061)Security Update for Microsoft Office InfoPath 2007 (KB979441)Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit EditionSecurity Update for Microsoft Office system 2007 (972581)Security Update for Microsoft Office system 2007 (KB974234)Security Update for Microsoft Office Visio Viewer 2007 (KB973709)Security Update for Microsoft Office Word 2007 (KB2344993)Security Update for Microsoft Windows (KB2564958)Security Update for Windows Internet Explorer 7 (KB938127-v2)Security Update for Windows Internet Explorer 7 (KB950759)Security Update for Windows Internet Explorer 8 (KB2183461)Security Update for Windows Internet Explorer 8 (KB2360131)Security Update for Windows Internet Explorer 8 (KB2416400)Security Update for Windows Internet Explorer 8 (KB2482017)Security Update for Windows Internet Explorer 8 (KB2497640)Security Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB2530548)Security Update for Windows Internet Explorer 8 (KB2544521)Security Update for Windows Internet Explorer 8 (KB2559049)Security Update for Windows Internet Explorer 8 (KB2586448)Security Update for Windows Internet Explorer 8 (KB2618444)Security Update for Windows Internet Explorer 8 (KB971961)Security Update for Windows Internet Explorer 8 (KB981332)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player 
(KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2121546)Security Update for Windows XP (KB2160329)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2259922)Security Update for Windows XP (KB2279986)Security Update for Windows XP (KB2286198)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2296199)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2436673)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2476490)Security Update for Windows XP (KB2476687)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2479628)Security Update for Windows XP (KB2479943)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485376)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2503658)Security Update for Windows XP (KB2503665)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2506223)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2507938)Security Update for Windows XP (KB2508272)Security Update for Windows XP (KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2511455)Security Update for Windows XP (KB2524375)Security Update for Windows XP (KB2535512)Security Update 
for Windows XP (KB2536276-v2)Security Update for Windows XP (KB2536276)Security Update for Windows XP (KB2544893-v2)Security Update for Windows XP (KB2544893)Security Update for Windows XP (KB2555917)Security Update for Windows XP (KB2562937)Security Update for Windows XP (KB2566454)Security Update for Windows XP (KB2567053)Security Update for Windows XP (KB2567680)Security Update for Windows XP (KB2570222)Security Update for Windows XP (KB2570947)Security Update for Windows XP (KB2584146)Security Update for Windows XP (KB2592799)Security Update for Windows XP (KB2598479)Security Update for Windows XP (KB2603381)Security Update for Windows XP (KB2618451)Security Update for Windows XP (KB2619339)Security Update for Windows XP (KB2620712)Security Update for Windows XP (KB2624667)Security Update for Windows XP (KB2631813)Security Update for Windows XP (KB2633171)Security Update for Windows XP (KB2639417)Security Update for Windows XP (KB2646524)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923789)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950760)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB954459)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969947)Security Update 
for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB971961)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978262)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981349)Security Update for Windows XP (KB981852)Security Update for Windows XP (KB981957)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982665)Security Update for Windows XP (KB982802)SemSim Router SimulatorSerious Sam Classic: The First EncounterSerious Sam Classic: The Second EncounterSerious Sam HD: The First 
EncounterSerious Sam HD: The Second EncounterSkinsSkype™ 5.1Skype™ 5.5SoulSeek 157 NS 13eSpybot - Search & DestroySteamTeamSpeak 3 ClientUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft Office 2007 suites (KB2596651) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596686) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596789) 32-Bit EditionUpdate for Microsoft Office 2007 System (KB2539530)Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit EditionUpdate for Microsoft Office OneNote 2007 (KB980729)Update for Microsoft Office Outlook 2007 (KB2583910)Update for Windows Internet Explorer 7 (KB980182)Update for Windows Internet Explorer 8 (KB976662)Update for Windows Internet Explorer 8 (KB980182)Update for Windows Internet Explorer 8 (KB980302)Update for Windows XP (KB2141007)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB2541763)Update for Windows XP (KB2607712)Update for Windows XP (KB2616676-v2)Update for Windows XP (KB2641690)Update for Windows XP (KB898461)Update for Windows XP (KB955759)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971029)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)Ventrilo ClientVLC media player 1.0.5Watchtower Library 2010 - EnglishWebFldrs XPWinDirStat 1.1.2Windows Internet Explorer 8WinRAR archiverXfire (remove only)Xilisoft Video Converter UltimateZoneAlarm.==== Event Viewer Messages From Past Week ========.1/23/2012 9:25:23 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).1/23/2012 11:44:41 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'ComboFix.exe' on the volume 'HarddiskVolume1'. 
It has stopped monitoring the volume.
1/22/2012 7:37:44 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
1/22/2012 7:37:44 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/22/2012 10:15:31 PM, error: PlugPlayManager [11] - The device Root\LEGACY_TMCOMM\0000 disappeared from the system without first being prepared for removal.
1/20/2012 10:46:04 PM, error: Service Control Manager [7034] - The EPSON V5 Service4(01) service terminated unexpectedly. It has done this 1 time(s).
1/20/2012 10:46:04 PM, error: Service Control Manager [7034] - The EPSON V3 Service4(01) service terminated unexpectedly. It has done this 1 time(s).
1/18/2012 7:29:36 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
.
==== End Of File ===========================

Thanks,
Larusso Posted January 25, 2012 ID:520465

Open notepad and copy/paste the text in the Code-box below into it:

Folder::
C:\Program Files\Common Files\Spigot

File::
C:\Documents and Settings\M L\Application Data\Mozilla\Firefox\Profiles\ymkzz8hu.default\extensions\{97225bdf-6e65-4763-bc69-b4f0a23cc64c}\chrome.manifest
C:\Documents and Settings\M L\Application Data\Mozilla\Firefox\Profiles\ymkzz8hu.default\extensions\{2950e164-82d3-422a-a087-dd11f3d9b3df}\chrome.manifest

ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please post in your next reply:
Combofix.txt
How is your system behaving now?
SonicLocutus Posted January 26, 2012 Author ID:520569

Here is the new Combofix log:

ComboFix 12-01-23.02 - Eric 01/25/2012 23:15:31.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2479 [GMT -6:00]
Running from: c:\documents and settings\Eric\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Eric\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
FILE ::
"c:\documents and settings\M L\Application Data\Mozilla\Firefox\Profiles\ymkzz8hu.default\extensions\{2950e164-82d3-422a-a087-dd11f3d9b3df}\chrome.manifest"
"c:\documents and settings\M L\Application Data\Mozilla\Firefox\Profiles\ymkzz8hu.default\extensions\{97225bdf-6e65-4763-bc69-b4f0a23cc64c}\chrome.manifest"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\M L\Application Data\Mozilla\Firefox\Profiles\ymkzz8hu.default\extensions\{2950e164-82d3-422a-a087-dd11f3d9b3df}\chrome.manifest
c:\documents and settings\M L\Application Data\Mozilla\Firefox\Profiles\ymkzz8hu.default\extensions\{97225bdf-6e65-4763-bc69-b4f0a23cc64c}\chrome.manifest
c:\program files\Common Files\Spigot
c:\program files\Common Files\Spigot\Search Settings\baidu_ff.xml
c:\program files\Common Files\Spigot\Search Settings\baidu_ie.xml
c:\program files\Common Files\Spigot\Search Settings\config.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1031.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1033.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1034.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1036.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1040.ini
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program
files\Common Files\Spigot\Search Settings\yahoo_ie.xmlc:\program files\Common Files\Spigot\Search Settings\yandex_ff.xmlc:\program files\Common Files\Spigot\Search Settings\yandex_ie.xmlc:\program files\Common Files\Spigot\wtxpcom\chrome.manifestc:\program files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xptc:\program files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xptc:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dllc:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9c:\program files\Common Files\Spigot\wtxpcom\install.rdf..((((((((((((((((((((((((( Files Created from 2011-12-26 to 2012-01-26 )))))))))))))))))))))))))))))))..2012-01-25 04:46 . 2012-01-25 04:46 -------- d-----w- c:\program files\ESET2012-01-25 04:43 . 2012-01-25 04:43 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\Sun2012-01-24 00:29 . 2012-01-24 00:29 -------- d-----w- c:\program files\Common Files\Java2012-01-24 00:29 . 2012-01-24 00:29 637848 ----a-w- c:\windows\system32\npdeployJava1.dll2012-01-23 04:08 . 2012-01-23 04:08 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys2012-01-23 04:04 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys2012-01-23 04:04 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys2012-01-23 04:04 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys2012-01-23 04:04 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys2012-01-23 04:04 . 
2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys2012-01-23 04:04 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys2012-01-23 04:04 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys2012-01-23 04:04 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys2012-01-23 04:04 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr2012-01-23 04:04 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe2012-01-23 04:04 . 2012-01-23 04:04 -------- d-----w- c:\program files\AVAST Software2012-01-23 04:04 . 2012-01-23 04:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software2012-01-20 22:24 . 2012-01-20 22:24 -------- d-----w- C:\sn0wbreeze2012-01-14 15:46 . 2012-01-14 15:46 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll2012-01-14 15:46 . 2012-01-14 15:46 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll2012-01-14 15:46 . 2012-01-14 15:46 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll2012-01-14 15:46 . 2012-01-14 15:46 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll2012-01-04 05:26 . 2012-01-04 07:41 -------- d-----w- c:\documents and settings\Eric\Application Data\Notepad++2012-01-04 05:26 . 2012-01-04 05:26 -------- d-----w- c:\program files\Notepad++2011-12-27 21:30 . 2011-12-27 21:30 -------- d-----w- c:\program files\PowerISO...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-01-24 00:29 . 2011-05-09 13:20 141312 ----a-w- c:\windows\system32\javacpl.cpl2012-01-24 00:29 . 2011-05-09 13:20 567184 ----a-w- c:\windows\system32\deployJava1.dll2011-11-25 21:57 . 2008-04-14 08:00 293376 ----a-w- c:\windows\system32\winsrv.dll2011-11-23 20:23 . 2011-11-23 20:23 73216 ----a-w- c:\windows\ST6UNST.EXE2011-11-23 20:23 . 2011-11-23 20:23 249856 ------w- c:\windows\Setup1.exe2011-11-23 13:25 . 
2008-04-14 08:00 1859584 ----a-w- c:\windows\system32\win32k.sys2011-11-18 12:35 . 2008-04-14 08:00 60416 ----a-w- c:\windows\system32\packager.exe2011-11-15 18:40 . 2011-05-26 02:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-11-15 03:50 . 2011-11-15 03:50 112096 ----a-w- c:\windows\system32\drivers\scdemu.sys2011-11-04 19:20 . 2008-07-12 19:10 43520 ----a-w- c:\windows\system32\licmgr10.dll2011-11-04 19:20 . 2008-04-23 00:16 916992 ----a-w- c:\windows\system32\wininet.dll2011-11-04 19:20 . 2008-04-23 00:16 1469440 ------w- c:\windows\system32\inetcpl.cpl2011-11-04 11:23 . 2008-07-12 19:09 385024 ----a-w- c:\windows\system32\html.iec2011-11-03 15:27 . 2008-07-12 19:09 1292288 ----a-w- c:\windows\system32\quartz.dll2011-11-03 15:27 . 2008-04-14 08:00 386048 ----a-w- c:\windows\system32\qdvd.dll2011-11-01 16:07 . 2008-04-14 08:00 1288704 ----a-w- c:\windows\system32\ole32.dll2011-10-28 05:31 . 2008-04-14 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll2012-01-14 15:46 . 2011-11-17 20:26 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..------- Sigcheck -------Note: Unsigned files aren't necessarily malware..[-] 2008-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll.((((((((((((((((((((((((((((( SnapShot@2012-01-21_05.01.16 ))))))))))))))))))))))))))))))))))))))))).+ 2009-07-12 06:02 . 2009-07-12 06:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll- 2009-07-11 19:32 . 2009-07-11 19:32 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll- 2009-07-11 19:32 . 2009-07-11 19:32 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll+ 2009-07-12 06:02 . 2009-07-12 06:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll- 2009-07-11 19:32 . 
2012-01-23 04:41 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_90ea9f6b\System.Design.dll+ 2012-01-23 04:41 . 2012-01-23 04:42 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_8baeb66f\mscorlib.dll+ 2012-01-23 04:41 . 2012-01-23 04:41 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_63c1086c\mscorlib.dll+ 2012-01-23 15:36 . 2012-01-23 15:36 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\05c29118462056cf810df0b6aa660d05\System.WorkflowServices.ni.dll+ 2012-01-23 15:36 . 2012-01-23 15:36 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\26b3258c559dc0ab6bdce481ffd458b3\System.Workflow.Runtime.ni.dll+ 2012-01-23 15:36 . 2012-01-23 15:36 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1642d1b72cd84caf24cbe7c5e8fd8368\System.Workflow.ComponentModel.ni.dll+ 2012-01-23 15:36 . 2012-01-23 15:36 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\32ce12c3c2049f2df94c44c94b052e16\System.Workflow.Activities.ni.dll+ 2012-01-23 15:36 . 2012-01-23 15:36 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f63ae1310e004777e880f28377bcddd2\System.Web.Services.ni.dll+ 2012-01-23 15:36 . 2012-01-23 15:36 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\c99b02434e71ca9898bebbc08d63e885\System.Web.Mobile.ni.dll+ 2012-01-23 15:35 . 2012-01-23 15:35 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c8f78b9e94857fdf6c2a378dd1629ee0\System.Web.Extensions.ni.dll+ 2012-01-23 15:35 . 2012-01-23 15:35 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ae749b024162e9ac79110c633b5ce6be\System.ServiceModel.Web.ni.dll+ 2012-01-23 04:43 . 
2012-01-23 04:43 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\23eb4618c9d171be9fb551a13a475a32\System.IdentityModel.ni.dll+ 2012-01-23 15:35 . 2012-01-23 15:35 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\f35064c125799df650c1a959d8fa450b\System.Data.Services.ni.dll+ 2012-01-23 04:44 . 2012-01-23 04:44 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a86c12788293105a0d9fda1bc90c90bc\Microsoft.VisualBasic.ni.dll+ 2012-01-23 04:37 . 2012-01-23 04:37 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll- 2011-10-21 16:26 . 2011-10-21 16:26 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll- 2011-10-21 16:26 . 2011-10-21 16:26 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll+ 2012-01-23 04:37 . 2012-01-23 04:37 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll+ 2012-01-23 04:37 . 2012-01-23 04:37 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll- 2011-10-21 16:25 . 2011-10-21 16:25 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll- 2010-11-02 15:49 . 2010-11-02 15:49 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll+ 2012-01-23 04:41 . 2012-01-23 04:41 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll- 2011-10-21 16:25 . 2011-10-21 16:25 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll+ 2012-01-23 04:37 . 2012-01-23 04:37 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll+ 2012-01-23 04:37 . 2012-01-23 04:37 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll- 2011-10-21 16:26 . 
2011-10-21 16:26 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll+ 2012-01-23 04:37 . 2012-01-23 04:37 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll+ 2012-01-23 04:37 . 2012-01-23 04:37 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll- 2011-06-24 06:23 . 2011-10-21 16:26 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll- 2011-10-21 16:16 . 2011-10-21 16:16 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll+ 2012-01-23 04:40 . 2012-01-23 04:40 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll+ 2012-01-23 04:40 . 2012-01-23 04:40 2064384 c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll+ 2012-01-23 04:40 . 2012-01-23 04:40 1269760 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll+ 2010-04-26 07:47 . 2012-01-04 23:15 52128560 c:\windows\system32\MRT.exe- 2008-04-23 00:16 . 2011-08-23 22:48 11081728 c:\windows\system32\ieframe.dll+ 2008-04-23 00:16 . 2011-11-04 19:20 11081728 c:\windows\system32\ieframe.dll+ 2010-04-28 04:15 . 2011-11-04 19:20 11081728 c:\windows\system32\dllcache\ieframe.dll- 2010-04-28 04:15 . 2011-08-23 22:48 11081728 c:\windows\system32\dllcache\ieframe.dll+ 2011-12-26 23:02 . 2011-12-26 23:02 12482048 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2656353\M2656353Uninstall.msp+ 2011-12-26 15:02 . 2011-12-26 15:02 19677184 c:\windows\Installer\a1f20f.msp+ 2012-01-23 04:38 . 2011-08-23 22:48 11081728 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll+ 2012-01-23 15:35 . 2012-01-23 15:35 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll+ 2012-01-23 04:44 . 
2012-01-23 04:44 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2dac4fc006596760cd4988d0bfd52ff0\System.ServiceModel.ni.dll+ 2012-01-23 04:40 . 2012-01-23 04:40 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\9e15d80ffb037e9171fa4bd2e0233497\System.Design.ni.dll.-- Snapshot reset to current date --.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-05-07 413696]"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-23 98304]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]"Seticon"="c:\program files\Icons\Seticon.exe" [2002-10-04 39936]"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"nltide_2"="shell32" [X]"RunNarrator"="Narrator.exe" [2008-04-14 53760].[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]2011-06-06 17:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed 
Launcher]2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]2011-03-07 20:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"WMPNetworkSvc"=3 (0x3)"JavaQuickStarterService"=2 (0x2)"iPod Service"=3 (0x3)"IDriverT"=3 (0x3)"Application Updater"=2 (0x2).[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001"FirewallOverride"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"DisableNotifications"= 1 (0x1).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="c:\\WINDOWS\\system32\\sessmgr.exe"="c:\\Program Files\\Ventrilo\\Ventrilo.exe"="e:\\Program Files\\Steam\\Steam.exe"="c:\\Program Files\\AIM\\aim.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="c:\\Documents and Settings\\M L\\Local Settings\\Application Data\\Skype\\Plugin Manager\\skypePM.exe"="c:\\Program Files\\Google\\Google Talk\\googletalk.exe"="e:\\Program Files\\Steam\\steamapps\\ret0r@hotmail.com\\source sdk base 2007\\hl2.exe"="e:\\Program Files\\Steam\\steamapps\\common\\serious sam classic the first encounter\\Bin\\SeriousSam.exe"="e:\\Program 
Files\\Steam\\steamapps\\common\\serious sam classic the first encounter\\Bin\\SeriousEditor.exe"="e:\\Program Files\\Steam\\steamapps\\common\\serious sam classic the first encounter\\Bin\\SeriousModeler.exe"="e:\\Program Files\\Steam\\steamapps\\common\\serious sam classic the second encounter\\Bin\\SeriousSam.exe"="e:\\Program Files\\Steam\\steamapps\\common\\serious sam classic the second encounter\\Bin\\SeriousEditor.exe"="e:\\Program Files\\Steam\\steamapps\\common\\serious sam classic the second encounter\\Bin\\SeriousModeler.exe"="c:\\Program Files\\Xfire\\Xfire.exe"="e:\\Program Files\\Skype\\Phone\\Skype.exe"="e:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"="e:\\Program Files\\Steam\\steamapps\\sirpezz\\day of defeat source\\hl2.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"="c:\\Program Files\\Cisco Packet Tracer 5.3.1\\bin\\PacketTracer5.exe"="e:\\Program Files\\Steam\\steamapps\\common\\amd driver updater, xp, 32 bit\\Setup.exe"="c:\\Program Files\\SoulseekNS\\slsk.exe"="c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"="e:\\Program Files\\Steam\\steamapps\\common\\serious sam hd the second encounter\\Bin\\SamHD_TSE.exe"="e:\\Program Files\\Steam\\steamapps\\common\\serious sam hd the second encounter\\Bin\\SamHD_TSE_Unrestricted.exe"="e:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOps.exe"="e:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOpsMP.exe"="e:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"="c:\\Documents and Settings\\M L\\Application Data\\Dropbox\\bin\\Dropbox.exe"="c:\\Documents and Settings\\M L\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"="e:\\Program Files\\Steam\\steamapps\\ret0r@hotmail.com\\the ship\\ship.exe"="e:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"="e:\\Program 
Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"="e:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"="e:\\Program Files\\Steam\\steamapps\\ret0r@hotmail.com\\day of defeat\\hl.exe"="e:\\Program Files\\Steam\\steamapps\\ret0r@hotmail.com\\counter-strike\\hl.exe"="e:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"="e:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"="e:\\Program Files\\Steam\\steamapps\\common\\empire total war\\Empire.exe"="e:\\Program Files\\Steam\\steamapps\\common\\serious sam hd the first encounter\\Bin\\SamHD.exe"="c:\\Documents and Settings\\M L\\Application Data\\Spotify\\spotify.exe"="c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"26555:TCP"= 26555:TCP:BitComet 26555 TCP"26555:UDP"= 26555:UDP:BitComet 26555 UDP"10290:TCP"= 10290:TCP:BitComet 10290 TCP"10290:UDP"= 10290:UDP:BitComet 10290 UDP"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009.R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/22/2012 10:04 PM 435032]R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/22/2012 10:04 PM 314456]R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/22/2012 10:04 PM 20568]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/6/2011 2:59 PM 304464]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/6/2011 2:59 PM 20952]R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [6/8/2010 9:09 PM 47360]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/10/2011 2:58 PM 136176]S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/10/2011 2:58 PM 136176]S4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [11/15/2011 2:22 
PM 746392].Contents of the 'Scheduled Tasks' folder.2012-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 20:58].2012-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 20:58]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.com/uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100uInternet Settings,ProxyOverride = cdn;*.localIE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htmIE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htmIE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htmIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000LSP: c:\windows\system32\idmmbc.dllTCP: DhcpNameServer = 75.75.76.76 75.75.75.75FF - ProfilePath - c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=11-05-2010&tb_mrud=11-05-2010FF - prefs.js: browser.search.selectedEngine - YahooFF - prefs.js: browser.startup.homepage - hxxp://www.google.com/FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=FF - prefs.js: network.proxy.type - 0FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falseFF - user.js: browser.sessionstore.resume_from_crash - false.- - - - ORPHANS REMOVED - - - -.MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-01-25 
23:28Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2382e92e-3be9-47f6-8985-a6619f976093}]@Denied: (Full) (Everyone)"Model"=dword:0000009f"Therad"=dword:0000002a"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,ab,9e,50,1b,eb,77,d1,ab,a5,dc,ce,c4,12,ad,eb,5f,83,e0,8b,c5,07,bb,\.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]@Denied: (Full) (Everyone)"scansk"=hex(0):99,57,06,44,e7,51,82,f5,07,67,a1,d9,0e,b1,b9,b2,13,b7,97,25,a7, a2,90,98,b6,c5,e7,f7,2d,4c,bf,3a,1e,54,f2,8d,87,95,20,00,00,00,00,00,00,00,\.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]@Denied: (Full) (Everyone)"scansk"=hex(0):c3,78,17,e1,e4,2b,3e,2d,78,05,1a,b0,83,ce,f2,bc,ef,b8,55,80,f7, d3,45,be,7b,b3,d6,d0,d5,51,6c,83,a3,fc,f8,99,d9,06,89,89,00,00,00,00,00,00,\.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e9945fc8-1835-4b08-b27b-93fb4d0df3cb}]@Denied: (Full) (Everyone)"Model"=dword:00000107"Therad"=dword:00000015"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(824)c:\windows\system32\Ati2evxx.dllc:\windows\system32\atiadlxx.dll.- - - - - - - > 'lsass.exe'(880)c:\windows\system32\idmmbc.dll.Completion time: 2012-01-25 23:33:06ComboFix-quarantined-files.txt 2012-01-26 05:33ComboFix2.txt 2012-01-21 05:04.Pre-Run: 30,523,707,392 bytes freePost-Run: 30,533,656,576 bytes free.- - End Of File - - F823BD7197FB9EC469B4D958393DA1EEMy system is now running smoother, no more 
redirects during Google searches.

Thanks,
Larusso Posted January 26, 2012 ID:520579

Hi there,

I want to be sure that those files are not recreated again. Please update Malwarebytes and perform a Full Scan.

Remove all detections and post the log in your next reply.
SonicLocutus Posted January 27, 2012 Author ID:520875

Here is the latest full scan log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 912012606

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/26/2012 10:40:45 PM
mbam-log-2012-01-26 (22-40-45).txt

Scan type: Full scan (C:\|)
Objects scanned: 274219
Time elapsed: 1 hour(s), 51 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SoftwareDistribution\Download\3196d77b689e5d019e8a4f6e9048fd78650823de (Trojan.Llac) -> Quarantined and deleted successfully.

Thanks,
Larusso Posted January 27, 2012 ID:520877

Unless you have any open issues, you are good to go. Please follow these last few steps.

Please press the Windows + R key, copy/paste the following single-line command into the Run box and click OK:

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Empty your Recycle Bin if it does not do so automatically.

Now that you appear to be free from malware, let's help you stay that way!

It is vital that you keep your system up to date

Please enable Automatic Updates to keep your system up to date.

Windows Updates
Win XP: Start --> Control Panel and double-click on Automatic Updates.
Vista / 7: Start --> Control Panel --> System and Security --> Windows Updates

Software Updates
Your installed software can also have vulnerabilities that malware can use to infect your system. To keep your installed software up to date I recommend File Hippo.

Anti Virus Software
Make sure to have one antivirus programme installed and update it on a regular basis. It is useless with out-of-date definitions.

Additional Protection
Malwarebytes Anti Malware: The freeware version is an on-demand scanner which will check your system for malware. Update it once a week and run a Quick Scan. You can also buy a licence which offers more features.
WinPatrol: WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

Safer Browsing
Web of Trust (WOT): This software helps you to stay away from sites that have malicious purposes.
SpywareBlaster: This software helps prevent the installation of ActiveX-based spyware.
MVPS Hosts file: This Hosts file will restrict known ad sites from serving you unsolicited advertisements.

Use an alternate browser
Other browsers tend to be more secure than IE as they do not make use of ActiveX objects. ActiveX objects can be used by spyware as an infection point on your computer.
Opera
Firefox
Note: If you use Firefox you may want to have a look at these add-ons:
AdblockPlus (blocks advertisements)
NoScript (blocks Java, Flash and JavaScript)

Computer Maintenance
Clean out your temp files on a regular basis. I recommend TFC (Temp File Cleaner).

Thinking while surfing
There is no software which will protect your system from yourself.

I have included some security-related articles that I advise you to read through in your own time. These articles will give you tips and advice on preventing infection, and how to stay safe whilst browsing the internet.
Staying Safe on the Internet (by Glaswegian)
Making Internet Explorer Safer.
Think Prevention!

If you have any questions, kindly ask.

Please respond to this thread one more time so we can mark this thread as resolved.
Maurice Naggar Posted February 1, 2012 ID:522614

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!