
Need Expert Help - DNS Redirect Virus



Greetings,

Looking for some expert help to remove the Google redirect virus from my computer. My searches in Google get redirected to other websites like gimmeanswers.com, feed.buzzclick.com, etc. I have tried many malware removal programs but to no avail. Hopefully, one of the expert helpers here can assist me with removing this annoying virus. Please let me know what other information I can provide. My DDS logs are as follows:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25

Run by Eric at 13:05:01 on 2012-01-19

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1689 [GMT -6:00]

.

FW: ZoneAlarm Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files\idt\intelxpv_v83\wdm\STacSV.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Icons\Seticon.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Google\Google Earth\plugin\geplugin.exe

C:\WINDOWS\system32\notepad.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100

uInternet Settings,ProxyOverride = cdn;*.local

uURLSearchHooks: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.8\pdfforgeToolbarIE.dll

BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.8\pdfforgeToolbarIE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.8\pdfforgeToolbarIE.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [seticon] c:\program files\icons\Seticon.exe

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

dRun: [EPSON NX100 Series (from PEZZTOP)] c:\windows\system32\spool\drivers\w32x86\3\e_fatieda.exe /fu "c:\windows\temp\E_S7.tmp" /EF "HKCU"

dRun: [AdobeData] rundll32.exe "c:\documents and settings\eric\local settings\application data\adobe\adobedata\Adobedata.dll",DllRegisterServer

dRun: [AppleData] rundll32.exe "c:\documents and settings\eric\local settings\application data\apple\appledata\Appledata.dll",DllRegisterServer

dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32

dRunOnce: [RunNarrator] Narrator.exe

IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm

IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm

IE: Download with IDM - c:\program files\internet download manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

LSP: c:\windows\system32\idmmbc.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{511F7647-4317-4AAB-B237-C251015E4910} : DhcpNameServer = 75.75.76.76 75.75.75.75

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\eric\application data\mozilla\firefox\profiles\blc7h4sz.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=11-05-2010&tb_mrud=11-05-2010

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\documents and settings\eric\application data\idm\idmmzcc3\components\idmmzcc.dll

FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

FF - user.js: browser.sessionstore.resume_from_crash - false

.

============= SERVICES / DRIVERS ===============

.

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-12-19 532224]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-6 304464]

R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-6 20952]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-10 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-10 136176]

S4 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-11-15 746392]

.

=============== Created Last 30 ================

.

2012-01-14 15:46:23 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll

2012-01-14 15:46:23 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll

2012-01-14 15:46:23 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll

2012-01-14 15:46:22 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll

2011-12-27 21:30:02 -------- d-----w- c:\program files\PowerISO

.

==================== Find3M ====================

.

2011-12-17 00:34:03 99328 ----a-w- c:\documents and settings\all users\application data\IntelOnlineNotifier.dll

2011-11-25 21:48:45 21504 ----a-w- c:\windows\jestertb.dll

2011-11-23 20:23:16 73216 ----a-w- c:\windows\ST6UNST.EXE

2011-11-23 20:23:16 249856 ------w- c:\windows\Setup1.exe

2011-11-15 18:40:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-15 03:50:16 112096 ----a-w- c:\windows\system32\drivers\scdemu.sys

.

============= FINISH: 13:05:33.67 ===============


:welcome:

My name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Please post the most recent Malwarebytes Logfile

Launch Malwarebytes --> Logs --> click on the last Logfile. A notepad Window will appear. Copy/Paste its content here in your topic.

Please download Gmer from here and save it to your Desktop.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Please post in your next reply

MBAM Log

ark.txt


Guten Tag Daniel,

Here is the MBAM Log for today:

07:46:25 Eric MESSAGE Protection started successfully

07:46:30 Eric MESSAGE IP Protection started successfully

Here are the Gmer results:

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-01-20 11:28:24

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-e WDC_WD800JD-75MSA3 rev.10.01E04

Running: ywbeuuw6.exe; Driver: C:\DOCUME~1\Eric\LOCALS~1\Temp\ugtdypog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xA2537534]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xA2531782]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xA25506DC]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xA2537CC0]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xA254AEB4]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xA254B2A2]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xA2554916]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xA2537DF6]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xA2532398]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xA2551FE4]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xA255193C]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xA2549DF0]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xA255293C]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xA2552B44]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xA2531FAA]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xA254D1CE]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xA254CDF8]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xA25538D2]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xA2553208]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xA25370F4]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xA25542A4]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xA25377DC]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xA253275C]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xA2553E12]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xA25510C4]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xA254BF0A]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xA254BC86]

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

Device \FileSystem\Cdfs \Cdfs 9F5D5400

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{2382e92e-3be9-47f6-8985-a6619f976093}@Model 159

Reg HKLM\SOFTWARE\Classes\CLSID\{2382e92e-3be9-47f6-8985-a6619f976093}@Therad 42

Reg HKLM\SOFTWARE\Classes\CLSID\{2382e92e-3be9-47f6-8985-a6619f976093}@MData 0x2B 0x8F 0x78 0x29 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x99 0x57 0x06 0x44 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0xC3 0x78 0x17 0xE1 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{e9945fc8-1835-4b08-b27b-93fb4d0df3cb}@Model 263

Reg HKLM\SOFTWARE\Classes\CLSID\{e9945fc8-1835-4b08-b27b-93fb4d0df3cb}@Therad 21

Reg HKLM\SOFTWARE\Classes\CLSID\{e9945fc8-1835-4b08-b27b-93fb4d0df3cb}@MData 0x73 0xD5 0xCF 0xB8 ...

---- EOF - GMER 1.0.15 ----

Danke,


You speak German? :D

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications

====================================================

Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

cfRC_screen_2.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

Please post in your next reply

Combofix.txt


Ja, aber mein Deutsch ist nicht so gut. Lassen Sie uns in Englisch gesprochen. :lol:

After disabling all anti-virus/anti-malware software, these are the results from ComboFix:

ComboFix 12-01-19.02 - Eric 01/20/2012 22:54:21.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2191 [GMT -6:00]

Running from: c:\documents and settings\Eric\Desktop\ComboFix.exe

FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\i63lg2m51m

c:\documents and settings\All Users\Application Data\IntelOnlineNotifier.dll

c:\documents and settings\Eric\Application Data\IDM\idmmzcc3

c:\documents and settings\Eric\Application Data\IDM\idmmzcc3\chrome.manifest

c:\documents and settings\Eric\Application Data\IDM\idmmzcc3\chrome\idmmzcc.jar

c:\documents and settings\Eric\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

c:\documents and settings\Eric\Application Data\IDM\idmmzcc3\components\iIDMMzCC.xpt

c:\documents and settings\Eric\Application Data\IDM\idmmzcc3\install.js

c:\documents and settings\Eric\Application Data\IDM\idmmzcc3\install.rdf

c:\documents and settings\Eric\Application Data\IDM\idmmzcc3\META-INF\manifest.mf

c:\documents and settings\Eric\Application Data\IDM\idmmzcc3\META-INF\zigbert.rsa

c:\documents and settings\Eric\Application Data\IDM\idmmzcc3\META-INF\zigbert.sf

c:\documents and settings\Eric\Application Data\inst.exe

c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\extensions\{2950e164-82d3-422a-a087-dd11f3d9b3df}

c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\extensions\{2950e164-82d3-422a-a087-dd11f3d9b3df}\chrome.manifest

c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\extensions\{2950e164-82d3-422a-a087-dd11f3d9b3df}\chrome\xulcache.jar

c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\extensions\{2950e164-82d3-422a-a087-dd11f3d9b3df}\defaults\preferences\xulcache.js

c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\extensions\{2950e164-82d3-422a-a087-dd11f3d9b3df}\install.rdf

c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\extensions\{97225bdf-6e65-4763-bc69-b4f0a23cc64c}

c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\extensions\{97225bdf-6e65-4763-bc69-b4f0a23cc64c}\chrome.manifest

c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\extensions\{97225bdf-6e65-4763-bc69-b4f0a23cc64c}\chrome\xulcache.jar

c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\extensions\{97225bdf-6e65-4763-bc69-b4f0a23cc64c}\defaults\preferences\xulcache.js

c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\extensions\{97225bdf-6e65-4763-bc69-b4f0a23cc64c}\install.rdf

c:\documents and settings\Eric\Local Settings\Application Data\qkp.exe

c:\windows\jestertb.dll

c:\windows\system32\SET9B.tmp

.

.

((((((((((((((((((((((((( Files Created from 2011-12-21 to 2012-01-21 )))))))))))))))))))))))))))))))

.

.

2012-01-20 22:24 . 2012-01-20 22:24 -------- d-----w- C:\sn0wbreeze

2012-01-14 15:46 . 2012-01-14 15:46 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll

2012-01-14 15:46 . 2012-01-14 15:46 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll

2012-01-14 15:46 . 2012-01-14 15:46 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll

2012-01-14 15:46 . 2012-01-14 15:46 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll

2012-01-04 05:26 . 2012-01-04 07:41 -------- d-----w- c:\documents and settings\Eric\Application Data\Notepad++

2012-01-04 05:26 . 2012-01-04 05:26 -------- d-----w- c:\program files\Notepad++

2011-12-27 21:30 . 2011-12-27 21:30 -------- d-----w- c:\program files\PowerISO

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-23 20:23 . 2011-11-23 20:23 73216 ----a-w- c:\windows\ST6UNST.EXE

2011-11-23 20:23 . 2011-11-23 20:23 249856 ------w- c:\windows\Setup1.exe

2011-11-15 18:40 . 2011-05-26 02:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-15 03:50 . 2011-11-15 03:50 112096 ----a-w- c:\windows\system32\drivers\scdemu.sys

2012-01-14 15:46 . 2011-11-17 20:26 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-05-07 413696]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-23 98304]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

"Seticon"="c:\program files\Icons\Seticon.exe" [2002-10-04 39936]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 17:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-03-07 20:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]

2011-11-15 20:29 896352 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"iPod Service"=3 (0x3)

"IDriverT"=3 (0x3)

"Application Updater"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"e:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"e:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=

"c:\\Documents and Settings\\M L\\Local Settings\\Application Data\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"e:\\Program Files\\Steam\\steamapps\\ret0r@hotmail.com\\source sdk base 2007\\hl2.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\serious sam classic the first encounter\\Bin\\SeriousSam.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\serious sam classic the first encounter\\Bin\\SeriousEditor.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\serious sam classic the first encounter\\Bin\\SeriousModeler.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\serious sam classic the second encounter\\Bin\\SeriousSam.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\serious sam classic the second encounter\\Bin\\SeriousEditor.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\serious sam classic the second encounter\\Bin\\SeriousModeler.exe"=

"c:\\Program Files\\Xfire\\Xfire.exe"=

"e:\\Program Files\\Skype\\Phone\\Skype.exe"=

"e:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"e:\\Program Files\\Steam\\steamapps\\sirpezz\\day of defeat source\\hl2.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

"c:\\Program Files\\Cisco Packet Tracer 5.3.1\\bin\\PacketTracer5.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\amd driver updater, xp, 32 bit\\Setup.exe"=

"c:\\Program Files\\SoulseekNS\\slsk.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\serious sam hd the second encounter\\Bin\\SamHD_TSE.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\serious sam hd the second encounter\\Bin\\SamHD_TSE_Unrestricted.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOps.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOpsMP.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=

"c:\\Documents and Settings\\M L\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Documents and Settings\\M L\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=

"e:\\Program Files\\Steam\\steamapps\\ret0r@hotmail.com\\the ship\\ship.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

"e:\\Program Files\\Steam\\steamapps\\ret0r@hotmail.com\\day of defeat\\hl.exe"=

"e:\\Program Files\\Steam\\steamapps\\ret0r@hotmail.com\\counter-strike\\hl.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\empire total war\\Empire.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\moon base alpha\\Binaries\\Win32\\MoonBaseAlphaGame.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\serious sam hd the first encounter\\Bin\\SamHD.exe"=

"c:\\Documents and Settings\\M L\\Application Data\\Spotify\\spotify.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26555:TCP"= 26555:TCP:BitComet 26555 TCP

"26555:UDP"= 26555:UDP:BitComet 26555 UDP

"10290:TCP"= 10290:TCP:BitComet 10290 TCP

"10290:UDP"= 10290:UDP:BitComet 10290 UDP

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/6/2011 2:59 PM 304464]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/6/2011 2:59 PM 20952]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [6/8/2010 9:09 PM 47360]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/10/2011 2:58 PM 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/10/2011 2:58 PM 136176]

S4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [11/15/2011 2:22 PM 746392]

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 20:58]

.

2012-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 20:58]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100

uInternet Settings,ProxyOverride = cdn;*.local

IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm

IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

LSP: c:\windows\system32\idmmbc.dll

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

FF - ProfilePath - c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=11-05-2010&tb_mrud=11-05-2010

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

FF - user.js: browser.sessionstore.resume_from_crash - false

.

- - - - ORPHANS REMOVED - - - -

.

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

HKU-Default-Run-AdobeData - c:\documents and settings\Eric\Local Settings\Application Data\Adobe\AdobeData\Adobedata.dll

HKU-Default-Run-AppleData - c:\documents and settings\Eric\Local Settings\Application Data\Apple\AppleData\Appledata.dll

MSConfigStartUp-IntelOnlineNotifier - c:\documents and settings\All Users\Application Data\IntelOnlineNotifier.dll

AddRemove-ComcastHSI - c:\program files\support.com\uninstall\chsi_uninstaller.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-20 23:01

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2382e92e-3be9-47f6-8985-a6619f976093}]

@Denied: (Full) (Everyone)

"Model"=dword:0000009f

"Therad"=dword:0000002a

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,ab,9e,50,1b,eb,77,d1,ab,a5,dc,ce,c4,12,ad,eb,5f,83,e0,8b,c5,07,bb,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):99,57,06,44,e7,51,82,f5,07,67,a1,d9,0e,b1,b9,b2,13,b7,97,25,a7,

a2,90,98,b6,c5,e7,f7,2d,4c,bf,3a,1e,54,f2,8d,87,95,20,00,00,00,00,00,00,00,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):c3,78,17,e1,e4,2b,3e,2d,78,05,1a,b0,83,ce,f2,bc,ef,b8,55,80,f7,

d3,45,be,7b,b3,d6,d0,d5,51,6c,83,a3,fc,f8,99,d9,06,89,89,00,00,00,00,00,00,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e9945fc8-1835-4b08-b27b-93fb4d0df3cb}]

@Denied: (Full) (Everyone)

"Model"=dword:00000107

"Therad"=dword:00000015

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(780)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

.

- - - - - - - > 'lsass.exe'(836)

c:\windows\system32\idmmbc.dll

.

Completion time: 2012-01-20 23:04:00

ComboFix-quarantined-files.txt 2012-01-21 05:03

.

Pre-Run: 28,048,158,720 bytes free

Post-Run: 28,112,314,368 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

.

- - End Of File - - 2F8E829DC58462A42013E45095293A56


Better than my English :D

Are the redirections still present?

I see no evidence of an AntiVirus program on your system. This must be resolved. Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware.

Here are a few very good free Antivirus products which are available:

Select one of these, or another of your choice. Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

Install, update definitions, and run a full system scan with the Anti-Virus of your choice.

I notice you have Malwarebytes' Anti-Malware installed on your machine. Please launch the program and select the update tab, then click on the check for updates button.

  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.

Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

Please press the Windows key + R and copy/paste the following single-line command into the Run box and click OK

"C:\Qoobox\Add-Remove Programs.txt"

This will open a notepad window. Please post the content here.

Please post in your next reply

MBAM Log

Add-Remove Programs.txt

Note all open issues


Yes I am still with you. I took a 2 day vacation.

The redirects are no longer occurring, and Windows updates have now resumed. Something must have cleaned the trojan.

I have installed Avast! and it is working properly.

Here is the MBAM log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 912012301

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/22/2012 8:24:12 PM

mbam-log-2012-01-22 (20-24-12).txt

Scan type: Quick scan

Objects scanned: 203633

Time elapsed: 11 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Here is the Add-Remove Programs.txt:

2007 Microsoft Office Suite Service Pack 2 (SP2)

abgx360 v1.0.2

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.1)

AIM 7

Alien Swarm

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Catalyst Install Manager

Audacity 1.2.6

AVI To MP4 Converter 1.0

Black Ice Tiff Viewer

Bonjour

Boson NetSim for CCNP BETA 2b

Call of Duty: Black Ops

Call of Duty: Black Ops - Multiplayer

Catalyst Control Center - Branding

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cisco Packet Tracer 5.3.1

Click to Call with Skype

Comcast High-Speed Internet Install Wizard

CopyToy 7.2.1.0

Day of Defeat: Source

DH Driver Cleaner Professional Edition

doPDF 7.2 printer

Dual-Core Optimizer

DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.0.0

EPSON NX100 Series Printer Uninstall

EPSON Scan

GBalph NDSMovie Converter V1.00

Google Earth Plug-in

Google Talk (remove only)

Google Update Helper

Half-Life 2: Deathmatch

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

iAPP CR-e500(CR-i500) Icons and Drivers

IDT Audio

ImgBurn

Intel® Network Connections 13.5.32.0

Internet Download Manager

iTunes

Java Auto Updater

Java 6 Update 25

JPG to PDF Converter 1.0

Left 4 Dead 2

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2572067)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Moonbase Alpha

Mozilla Firefox 9.0.1 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Norton PartitionMagic

Norton PartitionMagic 8.0

Notepad++

NVIDIA PhysX v8.10.29

PDFCreator

pdfforge Toolbar v4.8

Peggle Deluxe

PowerISO

QuickTime

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553074)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2553073)

Security Update for Microsoft Office Groove 2007 (KB2552997)

Security Update for Microsoft Office InfoPath 2007 (KB2510061)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SemSim Router Simulator

Serious Sam Classic: The First Encounter

Serious Sam Classic: The Second Encounter

Serious Sam HD: The First Encounter

Serious Sam HD: The Second Encounter

Skins

Skype™ 5.1

Skype™ 5.5

SoulSeek 157 NS 13e

Spybot - Search & Destroy

Steam

TeamSpeak 3 Client

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Outlook 2007 Junk Email Filter (KB2596560)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Internet Explorer 8 (KB980302)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB898461)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Ventrilo Client

VLC media player 1.0.5

Watchtower Library 2010 - English

WebFldrs XP

WinDirStat 1.1.2

Windows Internet Explorer 8

WinRAR archiver

Xfire (remove only)

Xilisoft Video Converter Ultimate

ZoneAlarm

Thanks,


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment 6 Update 30 and save it to your desktop.
  • Scroll down to where it says Java SE 6 Update 30
  • Click the red Download JRE button on the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u1-windows-i586.exe to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)

  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are three options in the window to clear the cache - Make sure all are checked
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Start
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log in your next reply.

Please launch DDS
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop and post both in your next reply

Please post in your next reply

log.txt

dds.txt

attach.txt


Log from ESET scan:

C:\Documents and Settings\M L\Application Data\Mozilla\Firefox\Profiles\ymkzz8hu.default\extensions\{2950e164-82d3-422a-a087-dd11f3d9b3df}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan

C:\Documents and Settings\M L\Application Data\Mozilla\Firefox\Profiles\ymkzz8hu.default\extensions\{97225bdf-6e65-4763-bc69-b4f0a23cc64c}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan

C:\Documents and Settings\M L\Local Settings\Application Data\Mozilla\Firefox\Profiles\ymkzz8hu.default\Cache.Trash\D\94\EF26Fd01 JS/Kryptik.ES trojan

C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application

C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application

C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Adware.Toolbar.Dealio application

C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Adware.Toolbar.Dealio application

C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Adware.Toolbar.Dealio application

C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Adware.Toolbar.Dealio application

C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Adware.Toolbar.Dealio application

C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Adware.Toolbar.Dealio application

C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 a variant of Win32/Adware.Toolbar.Dealio application

C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\IntelOnlineNotifier.dll.vir a variant of Win32/Kryptik.XNI trojan

C:\Qoobox\Quarantine\C\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\extensions\{2950e164-82d3-422a-a087-dd11f3d9b3df}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan

C:\Qoobox\Quarantine\C\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\extensions\{97225bdf-6e65-4763-bc69-b4f0a23cc64c}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan

C:\Qoobox\Quarantine\C\Documents and Settings\Eric\Local Settings\Application Data\qkp.exe.vir a variant of Win32/Kryptik.XMW trojan

E:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9A6N7L2O\rqmqzmkmkm[1].htm JS/Agent.NCU trojan

E:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UKCNABLK\main[1].htm JS/Fraud.NAC trojan

E:\Documents and Settings\PezZ\My Documents\aim593702.exe Win32/Adware.WBug.A application

E:\Program Files\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.2.0

Run by Eric at 7:35:33 on 2012-01-25

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2134 [GMT -6:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: ZoneAlarm Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Icons\Seticon.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files\idt\intelxpv_v83\wdm\STacSV.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FAMTEDA.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\AVAST Software\Avast\setup\avast.setup

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100

uInternet Settings,ProxyOverride = cdn;*.local

BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [seticon] c:\program files\icons\Seticon.exe

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32

dRunOnce: [RunNarrator] Narrator.exe

IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm

IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm

IE: Download with IDM - c:\program files\internet download manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

LSP: c:\windows\system32\idmmbc.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{511F7647-4317-4AAB-B237-C251015E4910} : DhcpNameServer = 75.75.76.76 75.75.75.75

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\eric\application data\mozilla\firefox\profiles\blc7h4sz.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=11-05-2010&tb_mrud=11-05-2010

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

FF - user.js: browser.sessionstore.resume_from_crash - false

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-22 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-22 314456]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-12-19 532224]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-22 20568]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-22 44768]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-6 304464]

R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-6 20952]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-10 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-10 136176]

S4 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-11-15 746392]

.

=============== Created Last 30 ================

.

2012-01-25 04:46:40 -------- d-----w- c:\program files\ESET

2012-01-25 04:43:29 -------- d-----w- c:\documents and settings\eric\local settings\application data\Sun

2012-01-24 03:48:49 -------- d-----w- c:\windows\system32\appmgmt

2012-01-24 00:29:32 637848 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-01-23 04:08:51 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2012-01-23 04:04:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-01-23 04:04:33 41184 ----a-w- c:\windows\avastSS.scr

2012-01-23 04:04:23 -------- d-----w- c:\program files\AVAST Software

2012-01-23 04:04:23 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2012-01-21 04:49:23 -------- d-sha-r- C:\cmdcons

2012-01-21 04:46:28 98816 ----a-w- c:\windows\sed.exe

2012-01-21 04:46:28 518144 ----a-w- c:\windows\SWREG.exe

2012-01-21 04:46:28 256000 ----a-w- c:\windows\PEV.exe

2012-01-21 04:46:28 208896 ----a-w- c:\windows\MBR.exe

2012-01-20 22:24:10 -------- d-----w- C:\sn0wbreeze

2012-01-14 15:46:23 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll

2012-01-14 15:46:23 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll

2012-01-14 15:46:23 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll

2012-01-14 15:46:22 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll

2011-12-27 21:30:02 -------- d-----w- c:\program files\PowerISO

.

==================== Find3M ====================

.

2012-01-24 00:29:14 141312 ----a-w- c:\windows\system32\javacpl.cpl

2012-01-24 00:29:13 567184 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 20:23:16 73216 ----a-w- c:\windows\ST6UNST.EXE

2011-11-23 20:23:16 249856 ------w- c:\windows\Setup1.exe

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe

2011-11-15 18:40:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-15 03:50:16 112096 ----a-w- c:\windows\system32\drivers\scdemu.sys

2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec

2011-11-03 15:27:33 386048 ----a-w- c:\windows\system32\qdvd.dll

2011-11-03 15:27:33 1292288 ----a-w- c:\windows\system32\quartz.dll

2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll

.

============= FINISH: 7:37:09.21 ===============

Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 4/27/2010 11:17:28 PM

System Uptime: 1/24/2012 7:27:35 AM (24 hours ago)

.

Motherboard: Intel Corporation | | DX48BT2

Processor: Intel® Core2 CPU 6600 @ 2.40GHz | CPU1 | 2400/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 74 GiB total, 28.755 GiB free.

D: is CDROM (UDF)

E: is FIXED (NTFS) - 932 GiB total, 266.949 GiB free.

J: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}

Description: USB Mass Storage Device

Device ID: USB\VID_10DF&PID_0500\042000004AC8

Manufacturer: Compatible USB storage device

Name: USB Mass Storage Device

PNP Device ID: USB\VID_10DF&PID_0500\042000004AC8

Service: USBSTOR

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: SM Bus Controller

Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_54428086&REV_02\3&61AAA01&0&FB

Manufacturer:

Name: SM Bus Controller

PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_54428086&REV_02\3&61AAA01&0&FB

Service:

.

==== System Restore Points ===================

.

RP457: 1/23/2012 11:45:40 AM - Software Distribution Service 3.0

RP458: 1/23/2012 6:29:06 PM - Installed Java 7 Update 2

RP459: 1/23/2012 9:48:08 PM - Removed Java 6 Update 25

RP460: 1/23/2012 9:52:15 PM - Removed GBalph NDSMovie Converter V1.00

RP461: 1/24/2012 9:52:26 PM - System Checkpoint

.

==== Installed Programs ======================

.

.

2007 Microsoft Office Suite Service Pack 2 (SP2)

abgx360 v1.0.2

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.1)

AIM 7

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Catalyst Install Manager

Audacity 1.2.6

avast! Free Antivirus

AVI To MP4 Converter 1.0

Black Ice Tiff Viewer

Bonjour

Boson NetSim for CCNP BETA 2b

Call of Duty: Black Ops

Call of Duty: Black Ops - Multiplayer

Catalyst Control Center - Branding

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cisco Packet Tracer 5.3.1

Click to Call with Skype

CopyToy 7.2.1.0

Day of Defeat: Source

DH Driver Cleaner Professional Edition

doPDF 7.2 printer

Dual-Core Optimizer

DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.0.0

EPSON NX100 Series Printer Uninstall

EPSON Scan

ESET Online Scanner v3

Google Earth Plug-in

Google Talk (remove only)

Google Update Helper

Half-Life 2: Deathmatch

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

iAPP CR-e500(CR-i500) Icons and Drivers

IDT Audio

ImgBurn

Intel® Network Connections 13.5.32.0

Internet Download Manager

iTunes

Java Auto Updater

Java 7 Update 2

JPG to PDF Converter 1.0

Left 4 Dead 2

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 9.0.1 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Norton PartitionMagic

Norton PartitionMagic 8.0

Notepad++

NVIDIA PhysX v8.10.29

PDFCreator

pdfforge Toolbar v4.8

Peggle Deluxe

PowerISO

QuickTime

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Groove 2007 (KB2552997)

Security Update for Microsoft Office InfoPath 2007 (KB2510061)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SemSim Router Simulator

Serious Sam Classic: The First Encounter

Serious Sam Classic: The Second Encounter

Serious Sam HD: The First Encounter

Serious Sam HD: The Second Encounter

Skins

Skype™ 5.1

Skype™ 5.5

SoulSeek 157 NS 13e

Spybot - Search & Destroy

Steam

TeamSpeak 3 Client

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Internet Explorer 8 (KB980302)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB898461)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Ventrilo Client

VLC media player 1.0.5

Watchtower Library 2010 - English

WebFldrs XP

WinDirStat 1.1.2

Windows Internet Explorer 8

WinRAR archiver

Xfire (remove only)

Xilisoft Video Converter Ultimate

ZoneAlarm

.

==== Event Viewer Messages From Past Week ========

.

1/23/2012 9:25:23 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

1/23/2012 11:44:41 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'ComboFix.exe' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

1/22/2012 7:37:44 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.

1/22/2012 7:37:44 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/22/2012 10:15:31 PM, error: PlugPlayManager [11] - The device Root\LEGACY_TMCOMM\0000 disappeared from the system without first being prepared for removal.

1/20/2012 10:46:04 PM, error: Service Control Manager [7034] - The EPSON V5 Service4(01) service terminated unexpectedly. It has done this 1 time(s).

1/20/2012 10:46:04 PM, error: Service Control Manager [7034] - The EPSON V3 Service4(01) service terminated unexpectedly. It has done this 1 time(s).

1/18/2012 7:29:36 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.

.

==== End Of File ===========================

Thanks,


Open notepad and copy/paste the text in the Code-box below into it:


Folder::
C:\Program Files\Common Files\Spigot
File::
C:\Documents and Settings\M L\Application Data\Mozilla\Firefox\Profiles\ymkzz8hu.default\extensions\{97225bdf-6e65-4763-bc69-b4f0a23cc64c}\chrome.manifest
C:\Documents and Settings\M L\Application Data\Mozilla\Firefox\Profiles\ymkzz8hu.default\extensions\{2950e164-82d3-422a-a087-dd11f3d9b3df}\chrome.manifest

ClearJavaCache::

  • Save this as CFScript.txt, in the same location as ComboFix.exe.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please post in your next reply

Combofix.txt

How is your system behaving now?


Here is the new Combofix log:

ComboFix 12-01-23.02 - Eric 01/25/2012 23:15:31.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2479 [GMT -6:00]

Running from: c:\documents and settings\Eric\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Eric\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

FILE ::

"c:\documents and settings\M L\Application Data\Mozilla\Firefox\Profiles\ymkzz8hu.default\extensions\{2950e164-82d3-422a-a087-dd11f3d9b3df}\chrome.manifest"

"c:\documents and settings\M L\Application Data\Mozilla\Firefox\Profiles\ymkzz8hu.default\extensions\{97225bdf-6e65-4763-bc69-b4f0a23cc64c}\chrome.manifest"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\M L\Application Data\Mozilla\Firefox\Profiles\ymkzz8hu.default\extensions\{2950e164-82d3-422a-a087-dd11f3d9b3df}\chrome.manifest

c:\documents and settings\M L\Application Data\Mozilla\Firefox\Profiles\ymkzz8hu.default\extensions\{97225bdf-6e65-4763-bc69-b4f0a23cc64c}\chrome.manifest

c:\program files\Common Files\Spigot

c:\program files\Common Files\Spigot\Search Settings\baidu_ff.xml

c:\program files\Common Files\Spigot\Search Settings\baidu_ie.xml

c:\program files\Common Files\Spigot\Search Settings\config.ini

c:\program files\Common Files\Spigot\Search Settings\Lang\res1031.ini

c:\program files\Common Files\Spigot\Search Settings\Lang\res1033.ini

c:\program files\Common Files\Spigot\Search Settings\Lang\res1034.ini

c:\program files\Common Files\Spigot\Search Settings\Lang\res1036.ini

c:\program files\Common Files\Spigot\Search Settings\Lang\res1040.ini

c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe

c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml

c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml

c:\program files\Common Files\Spigot\Search Settings\yandex_ff.xml

c:\program files\Common Files\Spigot\Search Settings\yandex_ie.xml

c:\program files\Common Files\Spigot\wtxpcom\chrome.manifest

c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt

c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8

c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9

c:\program files\Common Files\Spigot\wtxpcom\install.rdf

.

.

((((((((((((((((((((((((( Files Created from 2011-12-26 to 2012-01-26 )))))))))))))))))))))))))))))))

.

.

2012-01-25 04:46 . 2012-01-25 04:46 -------- d-----w- c:\program files\ESET

2012-01-25 04:43 . 2012-01-25 04:43 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\Sun

2012-01-24 00:29 . 2012-01-24 00:29 -------- d-----w- c:\program files\Common Files\Java

2012-01-24 00:29 . 2012-01-24 00:29 637848 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-01-23 04:08 . 2012-01-23 04:08 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2012-01-23 04:04 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-01-23 04:04 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-01-23 04:04 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-01-23 04:04 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-01-23 04:04 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-01-23 04:04 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-01-23 04:04 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-01-23 04:04 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-01-23 04:04 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr

2012-01-23 04:04 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe

2012-01-23 04:04 . 2012-01-23 04:04 -------- d-----w- c:\program files\AVAST Software

2012-01-23 04:04 . 2012-01-23 04:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2012-01-20 22:24 . 2012-01-20 22:24 -------- d-----w- C:\sn0wbreeze

2012-01-14 15:46 . 2012-01-14 15:46 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll

2012-01-14 15:46 . 2012-01-14 15:46 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll

2012-01-14 15:46 . 2012-01-14 15:46 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll

2012-01-14 15:46 . 2012-01-14 15:46 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll

2012-01-04 05:26 . 2012-01-04 07:41 -------- d-----w- c:\documents and settings\Eric\Application Data\Notepad++

2012-01-04 05:26 . 2012-01-04 05:26 -------- d-----w- c:\program files\Notepad++

2011-12-27 21:30 . 2011-12-27 21:30 -------- d-----w- c:\program files\PowerISO

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-24 00:29 . 2011-05-09 13:20 141312 ----a-w- c:\windows\system32\javacpl.cpl

2012-01-24 00:29 . 2011-05-09 13:20 567184 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-25 21:57 . 2008-04-14 08:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 20:23 . 2011-11-23 20:23 73216 ----a-w- c:\windows\ST6UNST.EXE

2011-11-23 20:23 . 2011-11-23 20:23 249856 ------w- c:\windows\Setup1.exe

2011-11-23 13:25 . 2008-04-14 08:00 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 12:35 . 2008-04-14 08:00 60416 ----a-w- c:\windows\system32\packager.exe

2011-11-15 18:40 . 2011-05-26 02:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-15 03:50 . 2011-11-15 03:50 112096 ----a-w- c:\windows\system32\drivers\scdemu.sys

2011-11-04 19:20 . 2008-07-12 19:10 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20 . 2008-04-23 00:16 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20 . 2008-04-23 00:16 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23 . 2008-07-12 19:09 385024 ----a-w- c:\windows\system32\html.iec

2011-11-03 15:27 . 2008-07-12 19:09 1292288 ----a-w- c:\windows\system32\quartz.dll

2011-11-03 15:27 . 2008-04-14 08:00 386048 ----a-w- c:\windows\system32\qdvd.dll

2011-11-01 16:07 . 2008-04-14 08:00 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31 . 2008-04-14 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2012-01-14 15:46 . 2011-11-17 20:26 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((( SnapShot@2012-01-21_05.01.16 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-12 06:02 . 2009-07-12 06:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll

- 2009-07-11 19:32 . 2009-07-11 19:32 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll

- 2009-07-11 19:32 . 2009-07-11 19:32 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll

- 2009-07-11 19:32 . 2009-07-11 19:32 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll

- 2009-07-11 19:32 . 2009-07-11 19:32 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll

- 2009-07-11 19:32 . 2009-07-11 19:32 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll

- 2009-07-11 19:32 . 2009-07-11 19:32 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll

- 2009-07-11 19:32 . 2009-07-11 19:32 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll

- 2009-07-11 19:32 . 2009-07-11 19:32 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll

- 2009-07-11 19:32 . 2009-07-11 19:32 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll

- 2009-07-11 19:32 . 2009-07-11 19:32 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll

- 2009-07-11 19:32 . 2009-07-11 19:32 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll

- 2009-07-11 19:32 . 2009-07-11 19:32 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll

- 2009-07-11 19:35 . 2009-07-11 19:35 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll

+ 2009-07-12 06:05 . 2009-07-12 06:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll

- 2009-07-11 19:35 . 2009-07-11 19:35 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll

+ 2009-07-12 06:05 . 2009-07-12 06:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll

+ 2012-01-25 20:05 . 2012-01-25 20:05 16384 c:\windows\temp\Perflib_Perfdata_824.dat

+ 2008-07-12 19:08 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe

- 2008-07-12 19:08 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe

+ 2008-04-14 08:00 . 2012-01-23 04:38 72486 c:\windows\system32\perfc009.dat

- 2008-04-14 08:00 . 2011-11-07 15:53 72486 c:\windows\system32\perfc009.dat

- 2008-04-23 00:16 . 2011-08-22 23:48 66560 c:\windows\system32\mshtmled.dll

+ 2008-04-23 00:16 . 2011-11-04 19:20 66560 c:\windows\system32\mshtmled.dll

- 2008-04-23 00:16 . 2011-08-22 23:48 55296 c:\windows\system32\msfeedsbs.dll

+ 2008-04-23 00:16 . 2011-11-04 19:20 55296 c:\windows\system32\msfeedsbs.dll

+ 2008-04-14 08:00 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll

- 2008-04-14 08:00 . 2008-04-14 08:00 23040 c:\windows\system32\mciseq.dll

- 2008-04-23 00:16 . 2011-08-22 23:48 25600 c:\windows\system32\jsproxy.dll

+ 2008-04-23 00:16 . 2011-11-04 19:20 25600 c:\windows\system32\jsproxy.dll

+ 2010-04-26 07:49 . 2011-11-04 19:20 12800 c:\windows\system32\dllcache\xpshims.dll

- 2010-04-26 07:49 . 2011-08-22 23:48 12800 c:\windows\system32\dllcache\xpshims.dll

+ 2008-04-14 08:00 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe

+ 2008-04-23 00:16 . 2011-11-04 19:20 66560 c:\windows\system32\dllcache\mshtmled.dll

- 2008-04-23 00:16 . 2011-08-22 23:48 66560 c:\windows\system32\dllcache\mshtmled.dll

- 2010-04-28 04:15 . 2011-08-22 23:48 55296 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2010-04-28 04:15 . 2011-11-04 19:20 55296 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2008-04-14 08:00 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll

- 2008-04-14 08:00 . 2008-04-14 08:00 23040 c:\windows\system32\dllcache\mciseq.dll

- 2008-07-12 19:10 . 2011-08-22 23:48 43520 c:\windows\system32\dllcache\licmgr10.dll

+ 2008-07-12 19:10 . 2011-11-04 19:20 43520 c:\windows\system32\dllcache\licmgr10.dll

- 2008-04-23 00:16 . 2011-08-22 23:48 25600 c:\windows\system32\dllcache\jsproxy.dll

+ 2008-04-23 00:16 . 2011-11-04 19:20 25600 c:\windows\system32\dllcache\jsproxy.dll

+ 2008-04-14 08:00 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll

- 2008-04-14 08:00 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll

+ 2011-12-25 09:49 . 2011-12-25 09:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

- 2011-07-08 19:00 . 2011-07-08 19:00 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll

+ 2011-12-25 17:07 . 2011-12-25 17:07 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll

+ 2011-12-25 04:55 . 2011-12-25 04:55 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

- 2011-07-07 17:04 . 2011-07-07 17:04 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

- 2011-07-07 17:04 . 2011-07-07 17:04 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

+ 2011-12-25 04:55 . 2011-12-25 04:55 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

- 2011-07-07 17:03 . 2011-07-07 17:03 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

+ 2011-12-25 04:55 . 2011-12-25 04:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

- 2011-07-07 18:09 . 2011-07-07 18:09 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

+ 2011-12-25 05:49 . 2011-12-25 05:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

+ 2011-12-25 05:49 . 2011-12-25 05:49 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll

- 2011-07-07 18:09 . 2011-07-07 18:09 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll

- 2010-08-04 16:20 . 2011-10-21 16:27 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

+ 2010-08-04 16:20 . 2012-01-23 04:44 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

+ 2010-08-04 16:20 . 2012-01-23 04:44 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

- 2010-08-04 16:20 . 2011-10-21 16:27 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

- 2010-08-04 16:20 . 2011-10-21 16:27 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2010-08-04 16:20 . 2012-01-23 04:44 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2012-01-23 04:38 . 2011-08-22 23:48 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll

+ 2012-01-23 04:38 . 2011-08-22 23:48 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll

+ 2012-01-23 04:38 . 2011-08-22 23:48 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll

+ 2012-01-23 04:38 . 2011-08-22 23:48 43520 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll

+ 2012-01-23 04:38 . 2011-08-22 23:48 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll

+ 2012-01-23 04:41 . 2012-01-23 04:41 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_566feda3\System.Drawing.Design.dll

+ 2012-01-23 04:41 . 2012-01-23 04:41 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_783e3207\CustomMarshalers.dll

+ 2012-01-23 15:36 . 2012-01-23 15:36 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\750de53f30e516eb2c62de9bab7954e9\System.Web.DynamicData.Design.ni.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2011-10-21 16:26 . 2011-10-21 16:26 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2011-10-21 16:26 . 2011-10-21 16:26 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2011-10-21 16:16 . 2011-10-21 16:16 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll

+ 2012-01-23 04:40 . 2012-01-23 04:40 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2011-10-21 16:26 . 2011-10-21 16:26 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll

- 2009-07-11 19:32 . 2009-07-11 19:32 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll

- 2009-07-11 19:32 . 2009-07-11 19:32 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll

- 2009-07-11 19:35 . 2009-07-11 19:35 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll

+ 2009-07-12 06:05 . 2009-07-12 06:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll

- 2009-07-11 19:32 . 2009-07-11 19:32 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll

+ 2008-04-14 08:00 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll

- 2008-04-14 08:00 . 2008-04-14 08:00 176128 c:\windows\system32\winmm.dll

+ 2008-04-23 00:16 . 2011-11-04 19:20 105984 c:\windows\system32\url.dll

- 2008-04-23 00:16 . 2011-08-22 23:48 105984 c:\windows\system32\url.dll

+ 2008-04-14 08:00 . 2012-01-23 04:38 444354 c:\windows\system32\perfh009.dat

- 2008-04-14 08:00 . 2011-11-07 15:53 444354 c:\windows\system32\perfh009.dat

+ 2008-04-23 00:16 . 2011-11-04 19:20 206848 c:\windows\system32\occache.dll

- 2008-04-23 00:16 . 2011-08-22 23:48 206848 c:\windows\system32\occache.dll

- 2008-04-23 00:16 . 2011-08-22 23:48 611840 c:\windows\system32\mstime.dll

+ 2008-04-23 00:16 . 2011-11-04 19:20 611840 c:\windows\system32\mstime.dll

- 2008-04-23 00:16 . 2011-08-22 23:48 602112 c:\windows\system32\msfeeds.dll

+ 2008-04-23 00:16 . 2011-11-04 19:20 602112 c:\windows\system32\msfeeds.dll

+ 2012-01-24 00:29 . 2012-01-24 00:29 223112 c:\windows\system32\javaws.exe

+ 2012-01-24 00:29 . 2012-01-24 00:29 173960 c:\windows\system32\javaw.exe

+ 2012-01-24 00:29 . 2012-01-24 00:29 173960 c:\windows\system32\java.exe

- 2008-07-12 19:10 . 2011-08-22 23:48 184320 c:\windows\system32\iepeers.dll

+ 2008-07-12 19:10 . 2011-11-04 19:20 184320 c:\windows\system32\iepeers.dll

- 2008-04-23 00:16 . 2011-08-22 23:48 387584 c:\windows\system32\iedkcs32.dll

+ 2008-04-23 00:16 . 2011-11-04 19:20 387584 c:\windows\system32\iedkcs32.dll

+ 2008-04-22 03:39 . 2011-11-04 11:24 174080 c:\windows\system32\ie4uinit.exe

- 2008-04-22 03:39 . 2011-08-22 11:56 174080 c:\windows\system32\ie4uinit.exe

+ 2010-04-27 23:05 . 2012-01-23 15:22 266208 c:\windows\system32\FNTCACHE.DAT

- 2010-04-27 23:05 . 2011-10-21 16:31 266208 c:\windows\system32\FNTCACHE.DAT

+ 2008-04-14 08:00 . 2011-10-18 11:13 186880 c:\windows\system32\encdec.dll

- 2008-04-14 08:00 . 2011-02-09 13:53 186880 c:\windows\system32\encdec.dll

- 2008-04-14 08:00 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll

+ 2008-04-14 08:00 . 2011-11-25 21:57 293376 c:\windows\system32\dllcache\winsrv.dll

+ 2008-04-14 08:00 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll

- 2008-04-14 08:00 . 2008-04-14 08:00 176128 c:\windows\system32\dllcache\winmm.dll

+ 2008-04-23 00:16 . 2011-11-04 19:20 916992 c:\windows\system32\dllcache\wininet.dll

+ 2008-04-23 00:16 . 2011-11-04 19:20 105984 c:\windows\system32\dllcache\url.dll

- 2008-04-23 00:16 . 2011-08-22 23:48 105984 c:\windows\system32\dllcache\url.dll

+ 2008-04-14 08:00 . 2011-11-03 15:27 386048 c:\windows\system32\dllcache\qdvd.dll

- 2008-04-14 08:00 . 2008-04-14 08:00 386048 c:\windows\system32\dllcache\qdvd.dll

+ 2008-04-23 00:16 . 2011-11-04 19:20 206848 c:\windows\system32\dllcache\occache.dll

- 2008-04-23 00:16 . 2011-08-22 23:48 206848 c:\windows\system32\dllcache\occache.dll

+ 2008-04-23 00:16 . 2011-11-04 19:20 611840 c:\windows\system32\dllcache\mstime.dll

- 2008-04-23 00:16 . 2011-08-22 23:48 611840 c:\windows\system32\dllcache\mstime.dll

- 2010-04-28 04:15 . 2011-08-22 23:48 602112 c:\windows\system32\dllcache\msfeeds.dll

+ 2010-04-28 04:15 . 2011-11-04 19:20 602112 c:\windows\system32\dllcache\msfeeds.dll

- 2010-04-26 07:49 . 2011-08-22 23:48 247808 c:\windows\system32\dllcache\ieproxy.dll

+ 2010-04-26 07:49 . 2011-11-04 19:20 247808 c:\windows\system32\dllcache\ieproxy.dll

- 2008-07-12 19:10 . 2011-08-22 23:48 184320 c:\windows\system32\dllcache\iepeers.dll

+ 2008-07-12 19:10 . 2011-11-04 19:20 184320 c:\windows\system32\dllcache\iepeers.dll

+ 2010-06-09 03:04 . 2011-11-04 19:20 743424 c:\windows\system32\dllcache\iedvtool.dll

- 2010-06-09 03:04 . 2011-08-22 23:48 743424 c:\windows\system32\dllcache\iedvtool.dll

- 2008-04-23 00:16 . 2011-08-22 23:48 387584 c:\windows\system32\dllcache\iedkcs32.dll

+ 2008-04-23 00:16 . 2011-11-04 19:20 387584 c:\windows\system32\dllcache\iedkcs32.dll

+ 2008-04-22 03:39 . 2011-11-04 11:24 174080 c:\windows\system32\dllcache\ie4uinit.exe

- 2008-04-22 03:39 . 2011-08-22 11:56 174080 c:\windows\system32\dllcache\ie4uinit.exe

- 2008-04-14 08:00 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll

+ 2008-04-14 08:00 . 2011-10-18 11:13 186880 c:\windows\system32\dllcache\encdec.dll

+ 2011-12-25 09:49 . 2011-12-25 09:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll

+ 2011-12-25 04:55 . 2011-12-25 04:55 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

- 2011-07-07 17:04 . 2011-07-07 17:04 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

- 2011-07-07 17:01 . 2011-07-07 17:01 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

+ 2011-12-25 04:53 . 2011-12-25 04:53 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

- 2011-07-07 18:09 . 2011-07-07 18:09 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

+ 2011-12-25 05:49 . 2011-12-25 05:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

+ 2011-12-25 11:40 . 2011-12-25 11:40 819200 c:\windows\Installer\a1f216.msp

+ 2012-01-24 00:29 . 2012-01-24 00:29 176128 c:\windows\Installer\1f49ddc.msi

+ 2012-01-24 00:29 . 2012-01-24 00:29 938496 c:\windows\Installer\1f49dcc.msi

+ 2010-08-04 16:20 . 2012-01-23 04:44 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

- 2010-08-04 16:20 . 2011-10-21 16:27 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

- 2010-08-04 16:20 . 2011-10-21 16:27 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

+ 2010-08-04 16:20 . 2012-01-23 04:44 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

+ 2010-08-04 16:20 . 2012-01-23 04:44 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

- 2010-08-04 16:20 . 2011-10-21 16:27 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

- 2010-08-04 16:20 . 2011-10-21 16:27 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

+ 2010-08-04 16:20 . 2012-01-23 04:44 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

+ 2010-08-04 16:20 . 2012-01-23 04:44 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

- 2010-08-04 16:20 . 2011-10-21 16:27 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

+ 2010-08-04 16:20 . 2012-01-23 04:44 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

- 2010-08-04 16:20 . 2011-10-21 16:27 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

+ 2010-08-04 16:20 . 2012-01-23 04:44 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

- 2010-08-04 16:20 . 2011-10-21 16:27 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2012-01-23 04:38 . 2011-08-22 23:48 916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll

+ 2012-01-23 04:38 . 2011-08-22 23:48 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll

+ 2012-01-23 04:38 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll

+ 2012-01-23 04:38 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe

+ 2012-01-23 04:38 . 2011-08-22 23:48 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll

+ 2012-01-23 04:38 . 2011-08-22 23:48 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll

+ 2012-01-23 04:38 . 2011-08-22 23:48 602112 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll

+ 2012-01-23 04:38 . 2011-08-22 23:48 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll

+ 2012-01-23 04:38 . 2011-08-22 23:48 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll

+ 2012-01-23 04:38 . 2011-08-22 23:48 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll

+ 2012-01-23 04:38 . 2011-08-22 23:48 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll

+ 2012-01-23 04:38 . 2011-08-22 11:56 174080 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe

+ 2012-01-23 04:41 . 2012-01-23 04:41 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_602b20b7\System.Drawing.dll

+ 2012-01-23 04:41 . 2012-01-23 04:41 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_ac341452\System.Drawing.Design.dll

+ 2012-01-23 04:41 . 2012-01-23 04:41 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_e773a7b1\CustomMarshalers.dll

+ 2012-01-23 15:35 . 2012-01-23 15:35 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\0bda7bdfaf440d5dd4bc6a1dea7ffa39\System.Web.Routing.ni.dll

+ 2012-01-23 15:36 . 2012-01-23 15:36 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6e29f9faa74a48b83a13a3413b826295\System.Web.Extensions.Design.ni.dll

+ 2012-01-23 15:36 . 2012-01-23 15:36 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\be8965fe859bc53dff61579bf626858b\System.Web.Entity.ni.dll

+ 2012-01-23 15:36 . 2012-01-23 15:36 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\8441b3eb247e0344fede848337ee911c\System.Web.Entity.Design.ni.dll

+ 2012-01-23 15:35 . 2012-01-23 15:35 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\09c6a41f187ba483486cdb92dad714a1\System.Web.DynamicData.ni.dll

+ 2012-01-23 15:35 . 2012-01-23 15:35 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5efb726d424b9712632eff749411fa89\System.Web.Abstractions.ni.dll

+ 2012-01-23 04:45 . 2012-01-23 04:45 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\f374e8e7849a72d1470b4a6a0771a137\System.Data.Entity.Design.ni.dll

+ 2012-01-23 04:44 . 2012-01-23 04:44 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\439732479756e0f6df88d29e50a402bf\ServiceModelReg.ni.exe

+ 2012-01-23 04:43 . 2012-01-23 04:43 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\bfcea15c95909860c4f4ac19bd7a2d6c\AspNetMMCExt.ni.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2011-06-24 06:23 . 2011-10-21 16:25 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2011-10-21 16:26 . 2011-10-21 16:26 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2011-10-21 16:26 . 2011-10-21 16:26 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

- 2011-10-21 16:26 . 2011-10-21 16:26 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

- 2011-10-21 16:26 . 2011-10-21 16:26 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2011-10-21 16:26 . 2011-10-21 16:26 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

- 2011-10-21 16:26 . 2011-10-21 16:26 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2012-01-23 04:44 . 2012-01-23 04:44 350080 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll

- 2009-07-11 19:32 . 2009-07-11 19:32 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll

- 2009-07-11 19:32 . 2009-07-11 19:32 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll

- 2008-04-23 00:16 . 2011-08-22 23:48 1212416 c:\windows\system32\urlmon.dll

+ 2008-04-23 00:16 . 2011-11-04 19:20 1212416 c:\windows\system32\urlmon.dll

+ 2008-04-14 08:00 . 2011-10-25 13:37 2148864 c:\windows\system32\ntoskrnl.exe

- 2008-04-14 08:00 . 2010-12-09 13:42 2148864 c:\windows\system32\ntoskrnl.exe

+ 2008-04-14 04:01 . 2011-10-25 12:52 2027008 c:\windows\system32\ntkrnlpa.exe

- 2008-04-14 04:01 . 2010-12-09 13:07 2027008 c:\windows\system32\ntkrnlpa.exe

+ 2008-04-23 22:16 . 2011-11-04 19:20 5978112 c:\windows\system32\mshtml.dll

- 2008-04-23 00:16 . 2011-08-22 23:48 2000384 c:\windows\system32\iertutil.dll

+ 2008-04-23 00:16 . 2011-11-04 19:20 2000384 c:\windows\system32\iertutil.dll

+ 2008-04-14 08:00 . 2011-11-23 13:25 1859584 c:\windows\system32\dllcache\win32k.sys

+ 2008-04-23 00:16 . 2011-11-04 19:20 1212416 c:\windows\system32\dllcache\urlmon.dll

- 2008-04-23 00:16 . 2011-08-22 23:48 1212416 c:\windows\system32\dllcache\urlmon.dll

+ 2008-07-12 19:09 . 2011-11-03 15:27 1292288 c:\windows\system32\dllcache\quartz.dll

+ 2008-04-14 08:00 . 2011-11-01 16:07 1288704 c:\windows\system32\dllcache\ole32.dll

+ 2010-04-26 07:22 . 2011-10-25 13:33 2192768 c:\windows\system32\dllcache\ntoskrnl.exe

- 2010-04-26 07:22 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe

- 2010-04-26 07:22 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe

+ 2010-04-26 07:22 . 2011-10-25 12:52 2027008 c:\windows\system32\dllcache\ntkrpamp.exe

+ 2009-02-08 00:02 . 2011-10-25 12:52 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe

- 2009-02-08 00:02 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe

- 2010-04-26 07:22 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe

+ 2010-04-26 07:22 . 2011-10-25 13:37 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe

+ 2008-04-23 22:16 . 2011-11-04 19:20 5978112 c:\windows\system32\dllcache\mshtml.dll

- 2010-04-28 04:15 . 2011-08-22 23:48 2000384 c:\windows\system32\dllcache\iertutil.dll

+ 2010-04-28 04:15 . 2011-11-04 19:20 2000384 c:\windows\system32\dllcache\iertutil.dll

+ 2011-12-25 09:50 . 2011-12-25 09:50 5246976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll

+ 2011-12-25 17:07 . 2011-12-25 17:07 2064384 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll

+ 2011-12-25 17:06 . 2011-12-25 17:06 1269760 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll

+ 2011-12-25 17:06 . 2011-12-25 17:06 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll

- 2011-07-08 18:59 . 2011-07-08 18:59 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll

+ 2011-12-25 04:54 . 2011-12-25 04:54 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

- 2011-07-07 17:02 . 2011-07-07 17:02 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

- 2011-07-07 17:02 . 2011-07-07 17:02 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll

+ 2011-12-25 04:53 . 2011-12-25 04:53 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll

+ 2011-12-25 17:06 . 2011-12-25 17:06 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll

- 2011-07-08 18:59 . 2011-07-08 18:59 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll

+ 2011-11-01 19:34 . 2011-11-01 19:34 4250112 c:\windows\Installer\a1f22f.msp

+ 2011-12-26 15:59 . 2011-12-26 15:59 4368896 c:\windows\Installer\a1f1f5.msp

+ 2011-11-01 19:34 . 2011-11-01 19:34 2247168 c:\windows\Installer\a1f1ea.msp

+ 2011-11-11 22:14 . 2011-11-11 22:14 9096192 c:\windows\Installer\a1f1d3.msp

+ 2011-11-01 19:34 . 2011-11-01 19:34 4225536 c:\windows\Installer\a1f1bc.msp

+ 2011-11-01 19:34 . 2011-11-01 19:34 2531840 c:\windows\Installer\a1f1a0.msp

+ 2011-11-11 22:15 . 2011-11-11 22:15 1795584 c:\windows\Installer\a1f189.msp

+ 2011-12-09 01:24 . 2011-12-09 01:24 4989952 c:\windows\Installer\a1f172.msp

+ 2011-11-11 22:16 . 2011-11-11 22:16 8458240 c:\windows\Installer\a1f15b.msp

+ 2010-08-04 16:20 . 2012-01-23 04:44 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

- 2010-08-04 16:20 . 2011-10-21 16:26 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

- 2010-08-04 16:20 . 2011-10-21 16:26 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2010-08-04 16:20 . 2012-01-23 04:44 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2009-04-03 02:44 . 2009-04-03 02:44 2532224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GRAPH.EXE

+ 2012-01-23 04:38 . 2011-08-22 23:48 1212416 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll

+ 2012-01-23 04:38 . 2011-10-03 08:35 5971456 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll

+ 2012-01-23 04:38 . 2011-08-22 23:48 2000384 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll

+ 2010-04-26 07:22 . 2011-10-25 13:33 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe

- 2010-04-26 07:22 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe

+ 2010-04-26 07:22 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe

- 2010-04-26 07:22 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe

- 2009-02-08 00:02 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe

+ 2009-02-08 00:02 . 2011-10-25 12:52 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe

- 2010-04-26 07:22 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe

+ 2010-04-26 07:22 . 2011-10-25 13:37 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe

+ 2012-01-23 04:41 . 2012-01-23 04:41 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_ee08f8c4\System.dll

+ 2012-01-23 04:41 . 2012-01-23 04:41 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_59207b29\System.dll

+ 2012-01-23 04:41 . 2012-01-23 04:41 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_4733ddc5\System.Xml.dll

+ 2012-01-23 04:41 . 2012-01-23 04:41 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_3a9bd1aa\System.Xml.dll

+ 2012-01-23 04:41 . 2012-01-23 04:41 7917568 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_f173c56a\System.Windows.Forms.dll

+ 2012-01-23 04:41 . 2012-01-23 04:41 3035136 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_42524f61\System.Windows.Forms.dll

+ 2012-01-23 04:41 . 2012-01-23 04:41 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_dd488e70\System.Drawing.dll

+ 2012-01-23 04:41 . 2012-01-23 04:41 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_9f0ad762\System.Design.dll

+ 2012-01-23 04:41 . 2012-01-23 04:41 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_90ea9f6b\System.Design.dll

+ 2012-01-23 04:41 . 2012-01-23 04:42 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_8baeb66f\mscorlib.dll

+ 2012-01-23 04:41 . 2012-01-23 04:41 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_63c1086c\mscorlib.dll

+ 2012-01-23 15:36 . 2012-01-23 15:36 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\05c29118462056cf810df0b6aa660d05\System.WorkflowServices.ni.dll

+ 2012-01-23 15:36 . 2012-01-23 15:36 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\26b3258c559dc0ab6bdce481ffd458b3\System.Workflow.Runtime.ni.dll

+ 2012-01-23 15:36 . 2012-01-23 15:36 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1642d1b72cd84caf24cbe7c5e8fd8368\System.Workflow.ComponentModel.ni.dll

+ 2012-01-23 15:36 . 2012-01-23 15:36 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\32ce12c3c2049f2df94c44c94b052e16\System.Workflow.Activities.ni.dll

+ 2012-01-23 15:36 . 2012-01-23 15:36 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f63ae1310e004777e880f28377bcddd2\System.Web.Services.ni.dll

+ 2012-01-23 15:36 . 2012-01-23 15:36 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\c99b02434e71ca9898bebbc08d63e885\System.Web.Mobile.ni.dll

+ 2012-01-23 15:35 . 2012-01-23 15:35 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c8f78b9e94857fdf6c2a378dd1629ee0\System.Web.Extensions.ni.dll

+ 2012-01-23 15:35 . 2012-01-23 15:35 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ae749b024162e9ac79110c633b5ce6be\System.ServiceModel.Web.ni.dll

+ 2012-01-23 04:43 . 2012-01-23 04:43 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\23eb4618c9d171be9fb551a13a475a32\System.IdentityModel.ni.dll

+ 2012-01-23 15:35 . 2012-01-23 15:35 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\f35064c125799df650c1a959d8fa450b\System.Data.Services.ni.dll

+ 2012-01-23 04:44 . 2012-01-23 04:44 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a86c12788293105a0d9fda1bc90c90bc\Microsoft.VisualBasic.ni.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

- 2011-10-21 16:26 . 2011-10-21 16:26 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

- 2011-10-21 16:26 . 2011-10-21 16:26 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

- 2010-11-02 15:49 . 2010-11-02 15:49 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll

+ 2012-01-23 04:41 . 2012-01-23 04:41 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll

- 2011-10-21 16:25 . 2011-10-21 16:25 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

- 2011-10-21 16:26 . 2011-10-21 16:26 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

+ 2012-01-23 04:37 . 2012-01-23 04:37 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

- 2011-06-24 06:23 . 2011-10-21 16:26 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

- 2011-10-21 16:16 . 2011-10-21 16:16 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll

+ 2012-01-23 04:40 . 2012-01-23 04:40 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll

+ 2012-01-23 04:40 . 2012-01-23 04:40 2064384 c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2012-01-23 04:40 . 2012-01-23 04:40 1269760 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll

+ 2010-04-26 07:47 . 2012-01-04 23:15 52128560 c:\windows\system32\MRT.exe

- 2008-04-23 00:16 . 2011-08-23 22:48 11081728 c:\windows\system32\ieframe.dll

+ 2008-04-23 00:16 . 2011-11-04 19:20 11081728 c:\windows\system32\ieframe.dll

+ 2010-04-28 04:15 . 2011-11-04 19:20 11081728 c:\windows\system32\dllcache\ieframe.dll

- 2010-04-28 04:15 . 2011-08-23 22:48 11081728 c:\windows\system32\dllcache\ieframe.dll

+ 2011-12-26 23:02 . 2011-12-26 23:02 12482048 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2656353\M2656353Uninstall.msp

+ 2011-12-26 15:02 . 2011-12-26 15:02 19677184 c:\windows\Installer\a1f20f.msp

+ 2012-01-23 04:38 . 2011-08-23 22:48 11081728 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll

+ 2012-01-23 15:35 . 2012-01-23 15:35 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll

+ 2012-01-23 04:44 . 2012-01-23 04:44 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2dac4fc006596760cd4988d0bfd52ff0\System.ServiceModel.ni.dll

+ 2012-01-23 04:40 . 2012-01-23 04:40 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\9e15d80ffb037e9171fa4bd2e0233497\System.Design.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-05-07 413696]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-23 98304]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

"Seticon"="c:\program files\Icons\Seticon.exe" [2002-10-04 39936]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 17:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-03-07 20:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"iPod Service"=3 (0x3)

"IDriverT"=3 (0x3)

"Application Updater"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"e:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Documents and Settings\\M L\\Local Settings\\Application Data\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"e:\\Program Files\\Steam\\steamapps\\ret0r@hotmail.com\\source sdk base 2007\\hl2.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\serious sam classic the first encounter\\Bin\\SeriousSam.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\serious sam classic the first encounter\\Bin\\SeriousEditor.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\serious sam classic the first encounter\\Bin\\SeriousModeler.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\serious sam classic the second encounter\\Bin\\SeriousSam.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\serious sam classic the second encounter\\Bin\\SeriousEditor.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\serious sam classic the second encounter\\Bin\\SeriousModeler.exe"=

"c:\\Program Files\\Xfire\\Xfire.exe"=

"e:\\Program Files\\Skype\\Phone\\Skype.exe"=

"e:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"e:\\Program Files\\Steam\\steamapps\\sirpezz\\day of defeat source\\hl2.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

"c:\\Program Files\\Cisco Packet Tracer 5.3.1\\bin\\PacketTracer5.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\amd driver updater, xp, 32 bit\\Setup.exe"=

"c:\\Program Files\\SoulseekNS\\slsk.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\serious sam hd the second encounter\\Bin\\SamHD_TSE.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\serious sam hd the second encounter\\Bin\\SamHD_TSE_Unrestricted.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOps.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOpsMP.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=

"c:\\Documents and Settings\\M L\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Documents and Settings\\M L\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=

"e:\\Program Files\\Steam\\steamapps\\ret0r@hotmail.com\\the ship\\ship.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

"e:\\Program Files\\Steam\\steamapps\\ret0r@hotmail.com\\day of defeat\\hl.exe"=

"e:\\Program Files\\Steam\\steamapps\\ret0r@hotmail.com\\counter-strike\\hl.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\empire total war\\Empire.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\serious sam hd the first encounter\\Bin\\SamHD.exe"=

"c:\\Documents and Settings\\M L\\Application Data\\Spotify\\spotify.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26555:TCP"= 26555:TCP:BitComet 26555 TCP

"26555:UDP"= 26555:UDP:BitComet 26555 UDP

"10290:TCP"= 10290:TCP:BitComet 10290 TCP

"10290:UDP"= 10290:UDP:BitComet 10290 UDP

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/22/2012 10:04 PM 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/22/2012 10:04 PM 314456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/22/2012 10:04 PM 20568]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/6/2011 2:59 PM 304464]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/6/2011 2:59 PM 20952]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [6/8/2010 9:09 PM 47360]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/10/2011 2:58 PM 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/10/2011 2:58 PM 136176]

S4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [11/15/2011 2:22 PM 746392]

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 20:58]

.

2012-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 20:58]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100

uInternet Settings,ProxyOverride = cdn;*.local

IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm

IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

LSP: c:\windows\system32\idmmbc.dll

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

FF - ProfilePath - c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\blc7h4sz.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=11-05-2010&tb_mrud=11-05-2010

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

FF - user.js: browser.sessionstore.resume_from_crash - false

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-25 23:28

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2382e92e-3be9-47f6-8985-a6619f976093}]

@Denied: (Full) (Everyone)

"Model"=dword:0000009f

"Therad"=dword:0000002a

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,ab,9e,50,1b,eb,77,d1,ab,a5,dc,ce,c4,12,ad,eb,5f,83,e0,8b,c5,07,bb,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):99,57,06,44,e7,51,82,f5,07,67,a1,d9,0e,b1,b9,b2,13,b7,97,25,a7,

a2,90,98,b6,c5,e7,f7,2d,4c,bf,3a,1e,54,f2,8d,87,95,20,00,00,00,00,00,00,00,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):c3,78,17,e1,e4,2b,3e,2d,78,05,1a,b0,83,ce,f2,bc,ef,b8,55,80,f7,

d3,45,be,7b,b3,d6,d0,d5,51,6c,83,a3,fc,f8,99,d9,06,89,89,00,00,00,00,00,00,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e9945fc8-1835-4b08-b27b-93fb4d0df3cb}]

@Denied: (Full) (Everyone)

"Model"=dword:00000107

"Therad"=dword:00000015

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(824)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

.

- - - - - - - > 'lsass.exe'(880)

c:\windows\system32\idmmbc.dll

.

Completion time: 2012-01-25 23:33:06

ComboFix-quarantined-files.txt 2012-01-26 05:33

ComboFix2.txt 2012-01-21 05:04

.

Pre-Run: 30,523,707,392 bytes free

Post-Run: 30,533,656,576 bytes free

.

- - End Of File - - F823BD7197FB9EC469B4D958393DA1EE

My system is now running smoother, no more redirects during google searches.

Thanks,


Here is the latest full scan log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 912012606

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/26/2012 10:40:45 PM

mbam-log-2012-01-26 (22-40-45).txt

Scan type: Full scan (C:\|)

Objects scanned: 274219

Time elapsed: 1 hour(s), 51 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\SoftwareDistribution\Download\3196d77b689e5d019e8a4f6e9048fd78650823de (Trojan.Llac) -> Quarantined and deleted successfully.

Thanks,


Unless you have any open issues, you are good to go. Please follow these last few steps.

Please press the Windows key + R and Copy/Paste the following single-line command into the Run box and click OK

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Empty your Recycle Bin if it does not do so automatically.

Now that you appear to be free from malware, let's help you stay that way!

It is vital that you keep your system up to date.

  • Please enable Automatic Updates to keep your system up to date.
  • Windows Updates
    • Win XP: Start --> Control Panel and double-click on Automatic Updates.
    • Vista / 7: Start --> Control Panel --> System and Security --> Windows Updates
  • Software Updates
    Your installed Software also can have vulnerabilities that malware can use to infect your system.
    To keep your installed Software up to date I recommend File Hippo.

Anti Virus Software

  • Make sure to have one Anti Virus programme installed and update it on a regular basis. It is useless with out of date definitions.

Additional Protection
  • Malwarebytes Anti Malware
    The freeware version is an on-demand scanner which will check your system for malware. Update it once a week and run a Quick Scan. You can also buy a licence which offers more features.
  • WinPatrol
    WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

Safer Browsing

Use an alternate browser

Other browsers tend to be more secure than IE as they do not make use of ActiveX objects. ActiveX objects can be used by spyware as an infection point on your computer.

Note: If you use Firefox you may want to have a look at these add-ons.

Computer Maintenance

Clean out your temp files on a regular basis. I recommend TFC (Temp File Cleaner).

Thinking while surfing

There is no software which will protect your system from yourself.

I have included some security related articles that I advise you read through in your own time. These articles will give you tips and advice on preventing infection, and how to stay safe whilst browsing the internet.

If you have any questions kindly ask.

Please respond to this thread one more time so we can mark this thread as resolved.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
