TechSpot

My Google search results are redirected to scour.com webpages

By oldskool68
Jun 28, 2011
  1. Hello,

    First-time user here. My Google search results randomly get redirected to a page with the header scour.com. Additionally, when I search images in Google, only the first two pages of results are displayed; the rest seemed to be blocked. (I noticed in my WinZip application there are some files showing unzipped that I know I did not download.)

    Can anyone help with these issues?

    Thanks again in advance.
  2. Bobbye


    Welcome to TechSpot. I'll be glad to help you find the problem, but I am going to need some info first:

    Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    ========================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs, except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
  3. oldskool68


    Thanks for the reply.

    Here are the logs that are requested.

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6950

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    6/29/2011 7:28:19 AM
    mbam-log-2011-06-29 (07-28-19).txt

    Scan type: Quick scan
    Objects scanned: 195090
    Time elapsed: 18 minute(s), 37 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    --------------------------------------------------------------------------------------

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit scan 2011-06-29 08:23:45
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-9 TOSHIBA_MK8034GSX rev.AH301A
    Running: 5gmvwbgg.exe; Driver: C:\DOCUME~1\Sean\LOCALS~1\Temp\kfryrpog.sys


    ---- System - GMER 1.0.15 ----

    SSDT 8A9A1800 ZwAllocateVirtualMemory
    SSDT BA77D146 ZwCreateKey
    SSDT 8A9A1D28 ZwCreateProcess
    SSDT 8A9A1CB0 ZwCreateProcessEx
    SSDT BA77D13C ZwCreateThread
    SSDT BA77D14B ZwDeleteKey
    SSDT BA77D155 ZwDeleteValueKey
    SSDT BA77D15A ZwLoadKey
    SSDT 8A9A1DA0 ZwOpenKey
    SSDT BA77D128 ZwOpenProcess
    SSDT BA77D12D ZwOpenThread
    SSDT 8A9A1878 ZwQueueApcThread
    SSDT 8A9A1710 ZwReadVirtualMemory
    SSDT 8A9E1A28 ZwRenameKey
    SSDT BA77D164 ZwReplaceKey
    SSDT BA77D15F ZwRestoreKey
    SSDT 8A9A1968 ZwSetContextThread
    SSDT 8A9E9140 ZwSetInformationKey
    SSDT 8A9A1BC0 ZwSetInformationProcess
    SSDT 8A9A19E0 ZwSetInformationThread
    SSDT BA77D150 ZwSetValueKey
    SSDT 8A9A1B48 ZwSuspendProcess
    SSDT 8A9A18F0 ZwSuspendThread
    SSDT 8A9A1C38 ZwTerminateProcess
    SSDT 8A9A1A58 ZwTerminateThread
    SSDT 8A9A1788 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    ? ttalj.sys The system cannot find the file specified. !
    ? System32\Drivers\hiber_WMILIB.SYS The system cannot find the path specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5052] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 1068EDA6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5052] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 1068ED38 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5052] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104A5451 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5052] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104A5A99 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5224] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 8A9D2FA8
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 8A9A1698
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 8A9A1698
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 8A9D2FA8
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 8A9D2FA8
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 8A9A1698
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 8A9A1698
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 8A9D2FA8
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 8A9A1698
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 8A9D2FA8
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 8A9A1698
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] 8A9D2FA8
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] 8A9A1698
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 8A9A1698
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 8A9D2FA8

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\Tcpip \Device\Ip 8A7E27C0
    Device \Driver\Tcpip \Device\Ip 8A93BFA8
    Device \Driver\Tcpip \Device\Ip 8A8DA798
    Device \Driver\Tcpip \Device\Tcp 8A7E27C0
    Device \Driver\Tcpip \Device\Tcp 8A93BFA8
    Device \Driver\Tcpip \Device\Tcp 8A8DA798
    Device \Driver\Tcpip \Device\Udp 8A7E27C0
    Device \Driver\Tcpip \Device\Udp 8A93BFA8
    Device \Driver\Tcpip \Device\Udp 8A8DA798
    Device \Driver\Tcpip \Device\RawIp 8A7E27C0
    Device \Driver\Tcpip \Device\RawIp 8A93BFA8
    Device \Driver\Tcpip \Device\RawIp 8A8DA798
    Device \Driver\Tcpip \Device\IPMULTICAST 8A7E27C0
    Device \Driver\Tcpip \Device\IPMULTICAST 8A93BFA8
    Device \Driver\Tcpip \Device\IPMULTICAST 8A8DA798

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1
    Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1
    Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACotomltxv.sys
    Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system
    Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd
    Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc
    Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacsr
    Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uaclog
    Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmask
    Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr
    Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACproc
    Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacurls
    Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacerrors

    ---- EOF - GMER 1.0.15 ----

    -----------------------------------------------------------------------------------------------------

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Run by Sean at 8:24:11 on 2011-06-29
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1220 [GMT -4:00]
    .
    AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ===============
    .
    C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Protector Suite QL\menusw.exe
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
    C:\Program Files\Belkin Storage Manager\StorageManager.exe
    C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\explorer.exe
    C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>;*.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
    uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
    mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
    mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
    mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
    mRun: [Apoint] "c:\program files\apoint2k\Apoint.exe"
    mRun: [Alcmtr] "ALCMTR.EXE"
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
    mRun: [VAIO Recovery] "c:\windows\sonysys\vaio recovery\PartSeal.exe"
    mRun: [SonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"
    mRun: [VAIO Update 3] "c:\program files\sony\vaio update 3\VAIOUpdt.exe" /Stationary
    mRun: [VAIOSecurity] "c:\program files\sony\vaio security center\VSC.exe" 1
    mRun: [<NO NAME>]
    mRun: [QuickBooks Simple Start] "c:\program files\intuit\simplestartentice\entice.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    mRun: [Biomenu] "c:\program files\protector suite ql\menusw.exe"
    mRun: [Switcher.exe] "c:\program files\sony\wireless switch setting utility\Switcher.exe"
    mRun: [PartSeal] "c:\windows\sonysys\vaio recovery\PartSeal.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
    mRun: [StatusClient] "c:\program files\hewlett-packard\toolbox2.0\apache tomcat 4.0\webapps\toolbox\statusclient\StatusClient.exe" /auto
    mRun: [TomcatStartup] "c:\program files\hewlett-packard\toolbox2.0\hpbpsttp.exe"
    mRun: [HPLJ Config] "c:\program files\hewlett-packard\hp laserjet 1010 series\SetConfig.exe" -c Direct -p DOT4_001 -pn "hp LaserJet 1010 Series Driver" -n 0 -l 1033 -sl 120000
    mRun: [Belkin Storage Manager] "c:\program files\belkin storage manager\StorageManager.exe"
    mRun: [Adobe_ID0EYTHM] "c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE"
    mRun: [WebrootTrayApp] "c:\program files\webroot\security\current\framework\WRTray.exe"
    mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] "c:\program files\common files\adobe\switchboard\SwitchBoard.exe"
    mRun: [Nyikazom] rundll32.exe "c:\windows\usosamoqixates.dll",Startup
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\sean\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
    uPolicies-system: EnableProfileQuota = 1 (0x1)
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229360667171
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
    TCP: Interfaces\{4A85F785-750E-4257-9C55-602510AD49C5} : DhcpNameServer = 192.168.2.1 192.168.2.1
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: igfxcui - igfxdev.dll
    Notify: psfus - fusstub.dll
    Notify: VESWinlogon - VESWinlogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Notification Packages = scecli fusstub
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\sean\application data\mozilla\firefox\profiles\dqop1m2t.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - www.msn.com
    FF - component: c:\documents and settings\sean\application data\mozilla\firefox\profiles\dqop1m2t.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2007-4-17 14720]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-6-29 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-6-29 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-6-29 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-6-29 61960]
    R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-2-22 13440]
    R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-2-22 33024]
    R2 ssfmonm;ssfmonm;c:\windows\system32\drivers\ssfmonm.sys [2010-8-29 45072]
    R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\security\current\plugins\antimalware\AEI.exe [2010-8-29 3899008]
    R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\security\current\framework\WRConsumerService.exe [2011-4-6 3251928]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-17 36352]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-4-17 808448]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-13 22712]
    S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2007-4-17 31104]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
    S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-13 366640]
    .
    =============== File Associations ===============
    .
    .txt=
    .
    =============== Created Last 30 ================
    .
    2011-06-29 11:02:00 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-06-29 11:01:59 -------- d-----w- c:\program files\Avira
    2011-06-29 11:01:59 -------- d-----w- c:\documents and settings\all users\application data\Avira
    2011-06-27 02:13:29 69632 ----a-w- c:\windows\system32\HPZipm12.exe
    2011-06-26 03:10:37 0 ----a-w- c:\windows\Nheluxaf.bin
    2011-06-26 03:10:34 -------- d-----w- c:\documents and settings\sean\local settings\application data\{63CBF8FE-56B9-412B-831B-C2DFB430BFDF}
    2011-06-26 03:09:19 -------- d-----w- c:\program files\PageRage
    2011-06-13 01:39:39 -------- dc----w- C:\MPS
    .
    ==================== Find3M ====================
    .
    2011-06-26 23:19:35 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 8:24:56.51 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/15/2008 1:18:20 PM
    System Uptime: 6/28/2011 6:45:51 AM (26 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | N/A | 1995/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 68 GiB total, 15.999 GiB free.
    D: is Removable
    E: is Removable
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP843: 5/17/2011 12:43:03 PM - System Checkpoint
    RP844: 5/19/2011 7:11:08 PM - System Checkpoint
    RP845: 5/20/2011 11:42:41 PM - System Checkpoint
    RP846: 5/21/2011 2:08:22 AM - Installed HiJackThis
    RP847: 5/23/2011 3:28:43 AM - System Checkpoint
    RP848: 5/24/2011 1:13:35 PM - System Checkpoint
    RP849: 5/26/2011 9:28:56 AM - Installed Windows XP winusb0100.
    RP850: 5/27/2011 2:04:32 PM - System Checkpoint
    RP851: 5/29/2011 8:02:23 AM - System Checkpoint
    RP852: 5/30/2011 10:34:20 AM - System Checkpoint
    RP853: 5/31/2011 2:59:27 PM - System Checkpoint
    RP854: 6/2/2011 11:51:35 PM - System Checkpoint
    RP855: 6/5/2011 4:46:19 PM - System Checkpoint
    RP856: 6/8/2011 1:07:22 AM - System Checkpoint
    RP857: 6/9/2011 12:18:57 PM - System Checkpoint
    RP858: 6/10/2011 12:26:55 PM - System Checkpoint
    RP859: 6/12/2011 3:20:29 PM - System Checkpoint
    RP860: 6/13/2011 3:59:41 PM - System Checkpoint
    RP861: 6/14/2011 8:30:35 PM - System Checkpoint
    RP862: 6/21/2011 11:50:58 PM - System Checkpoint
    RP863: 6/23/2011 8:48:31 AM - System Checkpoint
    RP864: 6/26/2011 1:04:14 AM - System Checkpoint
    RP865: 6/27/2011 10:27:30 AM - System Checkpoint
    RP866: 6/28/2011 6:46:01 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Add or Remove Adobe Creative Suite 3 Design Standard
    Adobe Acrobat 8 Professional
    Adobe Acrobat 8 Professional - English, Français, Deutsch
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Community Help
    Adobe Creative Suite 3 Design Standard
    Adobe Creative Suite 5 Master Collection
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe GoLive
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe Media Player
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Setup
    Adobe SING CS3
    Adobe Stock Photos CS3
    Adobe SVG Viewer 3.0
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Version Cue CS3 Server
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    AHV content for Acrobat and Flash
    AiO_Scan
    ATI Display Driver
    Avira AntiVir Personal - Free Antivirus
    Belkin Storage Manager
    Bluetooth Stack for Windows by Toshiba
    Business Contact Manager for Outlook 2007 SP2
    Critical Update for Windows Media Player 11 (KB959772)
    GDR 3077 for SQL Server Database Services 2005 ENU (KB960089)
    HDAUDIO SoftV92 Data Fax Modem with SmartCP
    High Definition Audio Driver Package - KB835221
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format 11 SDK (KB973442)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Image Zone 4.7
    hp LaserJet 1010 Series
    HP PSC & OfficeJet 4.7
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless Software
    InterVideo WinDVD for VAIO
    ISScript
    Java Auto Updater
    Java(TM) 6 Update 21
    LAN Setting Utility
    Malwarebytes' Anti-Malware version 1.51.0.1200
    mCore
    mDriver
    mDrWiFi
    Memory Stick Formatter
    mHelp
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft IntelliPoint 5.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft User-Mode Driver Framework Feature Pack 1.9
    Microsoft WinUsb 1.0
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    mIWA
    mLogView
    mMHouse
    Mozilla Firefox 5.0 (x86 en-US)
    mPfMgr
    mPfWiz
    mProSafe
    mSCfg
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6 Service Pack 2 (KB954459)
    mWlsSafe
    mZConfig
    OGA Notifier 2.0.0048.0
    PDF Settings
    PDF Settings CS5
    Protector Suite QL 5.3
    QFolder
    QuickBooks Product Listing Service
    Realtek High Definition Audio Driver
    Roxio Easy Media Creator Home
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Setting Utility Series
    Simple Start Entice
    SmartFTP Client
    SmartFTP Client 3.0 Setup Files (remove only)
    Sony Certificate PCH
    Sony Utilities DLL
    Spybot - Search & Destroy
    SupportSoft Assisted Service
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office Excel 2007 Help (KB957242)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft Office Publisher 2007 Help (KB957249)
    Update for Outlook 2007 Junk Email Filter (KB2508979)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VAIO Central
    VAIO Event Service
    VAIO Hardware Diagnostics
    VAIO HDD Protection
    VAIO Light Flo Wallpaper
    VAIO Long Battery Life Wallpaper
    VAIO Power Management
    VAIO Registration
    VAIO Security Center
    VAIO Support Central
    VAIO Update 3
    VAIO Wireless LAN Setup Utility
    WebFldrs XP
    Webroot Software
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 7 Multilingual User Interface (MUI)
    Windows Internet Explorer 8
    Windows Live installer
    Windows Live Sign-in Assistant
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Mobile Device Updater Component
    Windows Presentation Foundation
    Windows XP Service Pack 3
    WinZip 11.2
    Wireless Switch Setting Utility
    XML Paper Specification Shared Components Pack 1.0
    Zune
    Zune Language Pack (DEU)
    Zune Language Pack (ESP)
    Zune Language Pack (FRA)
    Zune Language Pack (ITA)
    Zune Language Pack (NLD)
    Zune Language Pack (PTB)
    Zune Language Pack (PTG)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/24/2011 8:34:02 PM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
    .
    ==== End Of File ===========================


    Thanks again, I hope this shows something
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Why did you add Avira AntiVir Personal - Free Antivirus on 6/29 when you already had Webroot? You should not run 2 antivirus programs. Please remove one of them. If Webroot has expired and you are no longer using it, it is still loading and needs to be uninstalled.
    Directions in Step 1:
    Please reboot the computer when through.
    ========================================================
    Please submit the following files to Virus Total for ID:

    Please go to: VirusTotal
    • At the top of the page you'll find a "Browse" button. Click the "Browse" button and browse to the following files, one at a time:
    • Click "Open".
    • Then click the "Send" button at the top of the VirusTotal page.
    • This will scan the file. Please be patient.
    • Once scanned, copy and paste the results in your next reply.
    ===========================================
    Then run the following:
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
  5. oldskool68

    oldskool68 TS Rookie Topic Starter

    Virus total scan took a very long time and shut down a couple of times. After it completed its scan it did not give me anything to post. It said something to the effect of ....usosamoqixates.dll cannot be found. Below is the ComboFix log.

    ------------------------------------------------------------------------------------------------------

    ComboFix 11-06-29.06 - Sean 06/29/2011 15:27:29.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1281 [GMT -4:00]
    Running from: c:\documents and settings\Sean\My Documents\Downloads\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Sean\g2mdlhlpx.exe
    c:\documents and settings\Sean\Local Settings\Application Data\{63CBF8FE-56B9-412B-831B-C2DFB430BFDF}
    c:\documents and settings\Sean\Local Settings\Application Data\{63CBF8FE-56B9-412B-831B-C2DFB430BFDF}\chrome.manifest
    c:\documents and settings\Sean\Local Settings\Application Data\{63CBF8FE-56B9-412B-831B-C2DFB430BFDF}\chrome\content\_cfg.js
    c:\documents and settings\Sean\Local Settings\Application Data\{63CBF8FE-56B9-412B-831B-C2DFB430BFDF}\chrome\content\overlay.xul
    c:\documents and settings\Sean\Local Settings\Application Data\{63CBF8FE-56B9-412B-831B-C2DFB430BFDF}\install.rdf
    C:\Thumbs.db
    c:\windows\setup.exe
    c:\windows\system32\Thumbs.db
    c:\windows\usosamoqixates.dll
    .
    c:\windows\system32\proquota.exe was missing
    Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-29 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-29 19:33 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
    2011-06-29 13:33 . 2011-06-29 13:33 -------- d-----w- c:\program files\Common Files\Java
    2011-06-29 13:33 . 2011-06-29 13:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-06-29 13:33 . 2011-06-29 13:33 -------- d-----w- c:\program files\Java
    2011-06-29 11:02 . 2011-06-17 16:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-06-29 11:02 . 2011-06-17 16:37 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-06-29 11:02 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-06-29 11:02 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-06-29 11:01 . 2011-06-29 11:01 -------- d-----w- c:\program files\Avira
    2011-06-29 11:01 . 2011-06-29 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-06-27 02:13 . 2004-09-29 16:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
    2011-06-26 03:10 . 2011-06-29 15:34 0 ----a-w- c:\windows\Nheluxaf.bin
    2011-06-26 03:09 . 2011-06-26 03:09 -------- d-----w- c:\program files\PageRage
    2011-06-13 01:39 . 2011-06-13 01:39 -------- dc----w- C:\MPS
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-29 13:33 . 2010-05-08 15:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-06-26 23:19 . 2010-08-29 14:23 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-05-29 13:11 . 2011-04-13 15:52 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 13:11 . 2011-04-13 15:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-21 06:08 . 2011-05-21 06:08 388096 ----a-r- c:\documents and settings\Sean\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-06-16 04:17 . 2011-06-27 00:01 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-05 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-05 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-05 138008]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-09 172032]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
    "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
    "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2007-03-26 217088]
    "VAIO Update 3"="c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-02-05 546936]
    "VAIOSecurity"="c:\program files\Sony\VAIO Security Center\VSC.exe" [2007-04-17 2322432]
    "QuickBooks Simple Start"="c:\program files\Intuit\SimpleStartEntice\entice.exe" [2007-01-31 371712]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
    "Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-23 1354240]
    "Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2007-01-24 176128]
    "PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
    "StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
    "TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
    "HPLJ Config"="c:\program files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe" [2003-03-31 28672]
    "Belkin Storage Manager"="c:\program files\Belkin Storage Manager\StorageManager.exe" [2009-02-03 858624]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
    .
    c:\documents and settings\Sean\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2010-6-15 295606]
    Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2008-12-16 738968]
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-2-3 2756608]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2006-02-23 02:11 39936 ----a-w- c:\windows\system32\fusstub.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2006-12-28 23:54 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
    "c:\\Program Files\\Belkin Storage Manager\\StorageManager.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
    .
    R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [4/17/2007 4:25 PM 14720]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/29/2011 7:02 AM 136360]
    R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2/22/2006 10:13 PM 13440]
    R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2/22/2006 10:13 PM 33024]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/17/2007 4:24 PM 36352]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [4/17/2007 4:24 PM 808448]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/13/2011 11:52 AM 22712]
    S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [4/17/2007 4:25 PM 31104]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 1:19 PM 268528]
    S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/13/2011 11:52 AM 366640]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WUAUSERV
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-26 c:\windows\Tasks\AdobeAAMUpdater-1.0-VALUED-0243CCA1-Sean.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-03-18 07:44]
    .
    2010-03-11 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
    .
    2008-12-15 c:\windows\Tasks\Registration reminder 1.job
    - c:\windows\system32\OOBE\oobebaln.exe [2007-04-17 00:12]
    .
    2009-06-21 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 02:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - ProfilePath - c:\documents and settings\Sean\Application Data\Mozilla\Firefox\Profiles\dqop1m2t.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - www.msn.com
    .
    .
    ------- File Associations -------
    .
    .txt=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-Nyikazom - c:\windows\usosamoqixates.dll
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-29 15:37
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1192)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\fusstub.dll
    c:\program files\Protector Suite QL\infra.dll
    c:\program files\Protector Suite QL\homefus.dll
    c:\windows\system32\biologon.dll
    c:\program files\Protector Suite QL\homepass.dll
    c:\program files\Protector Suite QL\passport.dll
    c:\program files\Protector Suite QL\BhTcAll.dll
    c:\program files\Protector Suite QL\BhDevTfm.dll
    c:\program files\Protector Suite QL\AlgVer.dll
    c:\program files\Protector Suite QL\TCBioLib.dll
    c:\program files\Protector Suite QL\remote.dll
    c:\windows\system32\VESWinlogon.dll
    c:\program files\Protector Suite QL\mysafe.dll
    .
    - - - - - - - > 'explorer.exe'(2760)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Protector Suite QL\mysafe.dll
    c:\program files\Protector Suite QL\infra.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    c:\program files\Sony\VAIO Event Service\VESMgr.exe
    c:\windows\system32\ZuneBusEnum.exe
    c:\windows\system32\igfxext.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
    c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    c:\program files\Microsoft ActiveSync\Wcescomm.exe
    c:\progra~1\MI3AA1~1\rapimgr.exe
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    c:\windows\SoftwareDistribution\Download\7aef1544ff0ad3ce72296289fcd5e912\update\update.exe
    .
    **************************************************************************
    .
    Completion time: 2011-06-29 15:48:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-06-29 19:48
    .
    Pre-Run: 17,679,974,400 bytes free
    Post-Run: 17,876,439,040 bytes free
    .
    - - End Of File - - B096E7359EE9CD9FFD56A3E859E52A8F
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You have multiple old versions of Java and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!

    Please download JavaRa and unzip it to your desktop.

    Important! Please close any instances of Internet Explorer before continuing!
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that
      a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location. Note: Do not leave this log.
    Download and install the most current version and update of Java Runtime Environment (JRE) HERE.
    ===========================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\windows\usosamoqixates.dll
    Folder::
    c:\windows\Nheluxaf.bin
    Extra::
    File::
    Firefox::
    Firefox-: - Profile - c:\documents and settings\sean\application data\mozilla\firefox\profiles\dqop1m2t.default\
    Firefox-: - prefa.js - Browser.SearchURL
    DDS::
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"=-
    DirLook::
    c:\documents and settings\sean\local settings\application data\{63CBF8FE-56B9-412B-831B-C2DFB430BFDF}
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [IMG] on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
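
The Registry:: section of the CFScript above uses .reg syntax, where `"Name"=-` deletes a value; the values it targets are Windows Security Center and firewall-notification overrides. The following is an added example, not part of the original post or of ComboFix: a PowerShell 2.0-compatible check that those values are really gone after the run. The function names are hypothetical, and expanding `HKLM\~` to `HKLM\SYSTEM\CurrentControlSet` is an assumption about the log shorthand.

```powershell
# Added example: confirm that the values deleted by the CFScript's
# Registry:: section are absent after ComboFix has run.
# The here-string is copied from the Registry:: section of the script above.
$registrySection = @'
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"=-
'@

function ConvertTo-ProviderPath {
    param([string]$RegKey)
    # ASSUMPTION: "HKLM\~" is shorthand for HKLM\SYSTEM\CurrentControlSet.
    $k = $RegKey -replace '^HKLM\\~', 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet'
    $k = $k -replace '^HKLM\\', 'HKEY_LOCAL_MACHINE\'
    if ($k -notmatch '^HKEY_LOCAL_MACHINE\\') {
        throw "Unsupported hive in: $RegKey"
    }
    # The Registry:: provider prefix lets Test-Path accept a full hive name.
    'Registry::' + $k
}

function Get-DeletedValue {
    param([string]$Section)
    # Walk the .reg-style text: a [key] line sets the context,
    # and each following "Name"=- line is a value marked for deletion.
    $currentKey = $null
    foreach ($line in ($Section -split '\r?\n')) {
        $line = $line.Trim()
        if ($line -match '^\[(.+)\]$') {
            $currentKey = $Matches[1]
        } elseif (($line -match '^"([^"]+)"=-$') -and $currentKey) {
            New-Object PSObject -Property @{ Key = $currentKey; Name = $Matches[1] }
        }
    }
}

function Test-DeletedValue {
    param($Entry)
    $path  = ConvertTo-ProviderPath $Entry.Key
    $state = 'Absent'
    if (Test-Path -LiteralPath $path) {
        # Get-ItemProperty returns $null for a key that holds no values.
        $props = Get-ItemProperty -LiteralPath $path
        if ($props -and $props.PSObject.Properties[$Entry.Name]) {
            $state = 'STILL PRESENT = ' + $props.($Entry.Name)
        }
    }
    New-Object PSObject -Property @{
        Key   = $Entry.Key
        Name  = $Entry.Name
        State = $state
    }
}

# Read-only: nothing is written to the registry.
Get-DeletedValue $registrySection |
    ForEach-Object { Test-DeletedValue $_ } |
    Format-Table State, Name, Key -AutoSize
```

Any row marked STILL PRESENT after the reboot is worth reporting in the next reply rather than editing by hand.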
  7. oldskool68

    oldskool68 TS Rookie Topic Starter

    Here you go...
    ComboFix 11-06-29.06 - Sean 06/29/2011 17:15:16.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1204 [GMT -4:00]
    Running from: c:\documents and settings\Sean\My Documents\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\Sean\My Documents\Downloads\CFScript.txt
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    FILE ::
    "c:\windows\usosamoqixates.dll"
    .
    (( Other Deletions ))
    .
    .
    c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe
    c:\program files\java\jre6\bin\jp2ssv.dll
    c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    .
    .
    (( Files Created from 2011-05-28 to 2011-06-29 ))
    .
    .
    2011-06-29 20:25 . 2011-06-29 20:25 -------- d-----w- c:\windows\LastGood
    2011-06-29 19:33 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
    2011-06-29 19:33 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
    2011-06-29 13:33 . 2011-06-29 13:33 -------- d-----w- c:\program files\Common Files\Java
    2011-06-29 13:33 . 2011-06-29 13:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-06-29 13:33 . 2011-06-29 13:33 -------- d-----w- c:\program files\Java
    2011-06-29 11:02 . 2011-06-17 16:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-06-29 11:02 . 2011-06-17 16:37 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-06-29 11:02 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-06-29 11:02 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-06-29 11:01 . 2011-06-29 11:01 -------- d-----w- c:\program files\Avira
    2011-06-29 11:01 . 2011-06-29 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-06-27 02:13 . 2004-09-29 16:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
    2011-06-26 03:10 . 2011-06-29 15:34 0 ----a-w- c:\windows\Nheluxaf.bin
    2011-06-26 03:09 . 2011-06-26 03:09 -------- d-----w- c:\program files\PageRage
    2011-06-13 01:39 . 2011-06-13 01:39 -------- dc----w- C:\MPS
    .
    .
    .
    (( Find3M Report ))
    .
    2011-06-29 13:33 . 2010-05-08 15:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-06-26 23:19 . 2010-08-29 14:23 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-05-29 13:11 . 2011-04-13 15:52 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 13:11 . 2011-04-13 15:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-21 06:08 . 2011-05-21 06:08 388096 ----a-r- c:\documents and settings\Sean\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-06-16 04:17 . 2011-06-27 00:01 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    (( Look ))
    .
    ---- Directory of c:\documents and settings\sean\local settings\application data\{63CBF8FE-56B9-412B-831B-C2DFB430BFDF} ----
    .
    .
    .
    (( SnapShot@2011-06-29_19.37.29 ))
    .
    + 2011-06-29 20:14 . 2011-06-29 20:14 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2011-06-29 20:14 . 2011-06-29 20:14 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2010-10-05 11:32 . 2010-10-05 11:32 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2010-10-05 11:32 . 2010-10-05 11:32 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2011-06-29 20:14 . 2011-06-29 20:14 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    - 2010-10-05 11:32 . 2010-10-05 11:32 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2011-06-29 20:14 . 2011-06-29 20:14 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2010-10-05 11:31 . 2010-10-05 11:31 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2011-06-29 20:13 . 2011-06-29 20:13 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2010-10-05 11:32 . 2010-10-05 11:32 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2011-06-29 20:14 . 2011-06-29 20:14 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2011-06-29 20:14 . 2011-06-29 20:14 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2010-10-05 11:32 . 2010-10-05 11:32 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2011-06-29 20:14 . 2011-06-29 20:14 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2010-10-05 11:32 . 2010-10-05 11:32 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2010-10-05 11:32 . 2010-10-05 11:32 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2011-06-29 20:14 . 2011-06-29 20:14 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2011-06-29 19:46 . 2010-10-23 00:51 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
    + 2007-04-17 20:24 . 2011-03-03 13:21 1857920 c:\windows\system32\win32k.sys
    + 2006-02-14 16:20 . 2009-03-11 02:18 1482112 c:\windows\system32\LegitCheckControl.dll
    - 2007-04-17 13:30 . 2011-03-22 12:00 4309736 c:\windows\system32\FNTCACHE.DAT
    + 2007-04-17 13:30 . 2011-06-29 20:22 4309736 c:\windows\system32\FNTCACHE.DAT
    + 2008-12-15 19:04 . 2011-03-03 13:21 1857920 c:\windows\system32\dllcache\win32k.sys
    + 2011-01-18 08:39 . 2011-01-18 08:39 5813072 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    + 2011-01-18 08:39 . 2011-01-18 08:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    - 2010-05-11 10:40 . 2010-05-11 10:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    + 2011-03-18 00:01 . 2011-03-18 00:01 9563648 c:\windows\Installer\1da6e3.msp
    + 2010-11-21 03:33 . 2010-11-21 03:33 1980928 c:\windows\Installer\1da6c1.msp
    + 2008-12-16 17:56 . 2011-06-29 20:09 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
    - 2008-12-16 17:56 . 2010-12-16 12:36 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
    - 2008-12-31 13:52 . 2011-03-10 11:32 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
    + 2008-12-31 13:52 . 2011-06-29 20:10 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
    - 2008-12-31 13:52 . 2011-03-10 11:32 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
    + 2008-12-31 13:52 . 2011-06-29 20:10 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
    + 2010-10-05 11:32 . 2010-10-05 11:32 2933248 c:\windows\assembly\temp\6EMU2AIQY6\System.Data.dll
    + 2011-06-29 20:16 . 2011-06-29 20:16 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\76e431fde1b252312b331f7108259fda\WindowsBase.ni.dll
    + 2011-06-29 20:18 . 2011-06-29 20:18 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\9e022c95e79f2b6f383a501ad99f08a9\UIAutomationClientsideProviders.ni.dll
    + 2011-06-29 20:15 . 2011-06-29 20:15 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll
    + 2011-06-29 20:16 . 2011-06-29 20:16 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll
    + 2011-06-29 20:17 . 2011-06-29 20:17 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f5ebeeb0a8aaba9db15ec3df591339ba\System.Web.Services.ni.dll
    + 2011-06-29 20:18 . 2011-06-29 20:18 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\dd128c8e21e7fa14c12b71df9892d046\System.Speech.ni.dll
    + 2011-06-29 20:17 . 2011-06-29 20:17 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\85a7a7aace114e78fc6c9b219bcd5551\System.Printing.ni.dll
    + 2011-06-29 20:16 . 2011-06-29 20:16 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d912066086a59f09424c7c69f95e2c55\System.Drawing.ni.dll
    + 2011-06-29 20:17 . 2011-06-29 20:17 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c05d9332116964104c721e97f7ce1058\System.DirectoryServices.ni.dll
    + 2011-06-29 20:16 . 2011-06-29 20:16 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\0118c0c73ea5c77bda7b10b188102ab6\System.Deployment.ni.dll
    + 2011-06-29 20:17 . 2011-06-29 20:17 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\1337829e3df6888464a17aab78bb9b8f\System.Data.ni.dll
    + 2011-06-29 20:16 . 2011-06-29 20:16 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ba3ca7a93e227c32ce7b50d0a7ba935f\System.Data.SqlXml.ni.dll
    + 2011-06-29 20:18 . 2011-06-29 20:18 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\5018d7d39ee99a18c2c17d68837a7a6d\System.Data.OracleClient.ni.dll
    + 2011-06-29 20:18 . 2011-06-29 20:18 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\11f1306e0e311a0d0cbd139fb2fa4c36\System.Data.Linq.ni.dll
    + 2011-06-29 20:18 . 2011-06-29 20:18 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\684fe21837d3cf3e5935bbd0a7f53141\System.Core.ni.dll
    + 2011-06-29 20:17 . 2011-06-29 20:17 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\12efddabe6fe35be21246c88ed9bf8ab\ReachFramework.ni.dll
    + 2011-06-29 20:17 . 2011-06-29 20:17 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\257c9327ba9cc5cd87f58de224aa2e0d\PresentationUI.ni.dll
    + 2011-06-29 20:15 . 2011-06-29 20:15 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b117bf63daa7e587f1bb2d975dccb4af\PresentationBuildTasks.ni.dll
    + 2011-06-29 20:14 . 2011-06-29 20:14 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    - 2010-10-05 11:32 . 2010-10-05 11:32 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2011-06-29 20:14 . 2011-06-29 20:14 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2010-10-05 11:32 . 2010-10-05 11:32 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    + 2011-06-29 20:13 . 2011-06-29 20:13 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2010-10-05 11:31 . 2010-10-05 11:31 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2011-06-29 20:13 . 2011-06-29 20:13 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    - 2010-10-05 11:31 . 2010-10-05 11:31 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2011-06-29 20:13 . 2011-06-29 20:13 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    - 2010-10-05 11:31 . 2010-10-05 11:31 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2010-10-05 11:32 . 2011-06-29 20:14 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2010-10-05 11:32 . 2010-10-05 11:32 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2010-10-05 11:32 . 2010-10-05 11:32 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2010-10-05 11:32 . 2011-06-29 20:14 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2011-02-12 00:47 . 2011-02-12 00:47 12028928 c:\windows\Installer\1da700.msp
    + 2011-06-29 20:17 . 2011-06-29 20:17 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ed2bf0d86229128c194a872f70fe15ee\System.Windows.Forms.ni.dll
    + 2011-06-29 20:17 . 2011-06-29 20:17 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d7b7ee04166212533ae21eaeb584fb0d\System.Web.ni.dll
    + 2011-06-29 20:18 . 2011-06-29 20:18 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\5aeadb9ff9a86f49130de5976a9f1744\System.Design.ni.dll
    + 2011-06-29 20:17 . 2011-06-29 20:17 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1a5d89d569e2e12842daf4d87c57361a\PresentationFramework.ni.dll
    + 2011-06-29 20:16 . 2011-06-29 20:16 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\46c57d845e55232a89e98101075cd455\PresentationCore.ni.dll
    + 2011-06-29 20:15 . 2011-06-29 20:15 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
    .
    -- Snapshot reset to current date --
    .
    (( Reg Loading Points ))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-05 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-05 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-05 138008]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-09 172032]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
    "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
    "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2007-03-26 217088]
    "VAIO Update 3"="c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-02-05 546936]
    "VAIOSecurity"="c:\program files\Sony\VAIO Security Center\VSC.exe" [2007-04-17 2322432]
    "QuickBooks Simple Start"="c:\program files\Intuit\SimpleStartEntice\entice.exe" [2007-01-31 371712]
    "Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-23 1354240]
    "Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2007-01-24 176128]
    "PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
    "StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
    "TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
    "HPLJ Config"="c:\program files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe" [2003-03-31 28672]
    "Belkin Storage Manager"="c:\program files\Belkin Storage Manager\StorageManager.exe" [2009-02-03 858624]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
    .
    c:\documents and settings\Sean\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2010-6-15 295606]
    Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2008-12-16 738968]
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-2-3 2756608]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2006-02-23 02:11 39936 ----a-w- c:\windows\system32\fusstub.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2006-12-28 23:54 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
    "c:\\Program Files\\Belkin Storage Manager\\StorageManager.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
    .
    R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [4/17/2007 4:25 PM 14720]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/29/2011 7:02 AM 136360]
    R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2/22/2006 10:13 PM 13440]
    R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2/22/2006 10:13 PM 33024]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/17/2007 4:24 PM 36352]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [4/17/2007 4:24 PM 808448]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/13/2011 11:52 AM 22712]
    S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [4/17/2007 4:25 PM 31104]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 1:19 PM 268528]
    S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/13/2011 11:52 AM 366640]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2008-12-15 c:\windows\Tasks\Registration reminder 1.job
    - c:\windows\system32\OOBE\oobebaln.exe [2007-04-17 00:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
    FF - ProfilePath - c:\documents and settings\Sean\Application Data\Mozilla\Firefox\Profiles\dqop1m2t.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - www.msn.com
    .
    .
    ------- File Associations -------
    .
    .txt=
    .
    .
    ****************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-29 17:20
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    ***************
    .
    ---- DLLs Loaded Under Running Processes ----
    .
    - - - - - - - > 'winlogon.exe'(1204)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\fusstub.dll
    c:\program files\Protector Suite QL\infra.dll
    c:\program files\Protector Suite QL\homefus.dll
    c:\windows\system32\biologon.dll
    c:\program files\Protector Suite QL\homepass.dll
    c:\program files\Protector Suite QL\passport.dll
    c:\program files\Protector Suite QL\BhTcAll.dll
    c:\program files\Protector Suite QL\BhDevTfm.dll
    c:\program files\Protector Suite QL\AlgVer.dll
    c:\program files\Protector Suite QL\TCBioLib.dll
    c:\program files\Protector Suite QL\remote.dll
    c:\windows\system32\VESWinlogon.dll
    c:\program files\Protector Suite QL\mysafe.dll
    c:\program files\Protector Suite QL\config.dll
    .
    Completion time: 2011-06-29 17:22:26
    ComboFix-quarantined-files.txt 2011-06-29 21:22
    ComboFix2.txt 2011-06-29 19:48
    .
    Pre-Run: 18,054,324,224 bytes free
    Post-Run: 18,069,913,600 bytes free
    .
    - - End Of File - - 0DADB49154DA9A6661B59E3FB704159D
  8. oldskool68

    oldskool68 TS Rookie Topic Starter

    Here is the ESET SCAN

    C:\Program Files\PageRage\YontooIEClient.dll Win32/Adware.Yontoo.A application
    C:\Qoobox\Quarantine\C\WINDOWS\usosamoqixates.dll.vir a variant of Win32/Kryptik.NCK trojan
    C:\System Volume Information\_restore{DD9D89C5-4C8D-43D3-A4A9-A8D712B11E0C}\RP868\A0245471.dll a variant of Win32/Kryptik.NCK trojan
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Use this link for the Adobe Reader update: http://www.adobe.com/support/downloads/detail.jsp?ftpID=5139

    Remove this scheduled Task:
    2008-12-15 c:\windows\Tasks\Registration reminder 1.job
    - c:\windows\system32\OOBE\oobebaln.exe [2007-04-17 00:12]
    To do that: Scheduled Tasks
    Most of these found are usually auto-updates scheduled for programs that do not need them. They will make numerous internet connections every day, looking for updates that you can find manually. You want to keep these connection attempts as few as possible and then only if needed for the system. The only auto-update I get is for the AV program.
    Opening scheduled tasks to modify or delete them:
    Access Scheduled Tasks by clicking Start > All Programs > Accessories > System Tools > Scheduled Tasks.
    To change the settings for a task: right-click the Task> click Properties> do any of the following:
    1. To change the schedule for the task, click the Schedule tab.
    2. To customize the settings for the task, such as the maximum run time, idle time requirements, and power management options, click the Settings tab.
    3. Find this Task: c:\windows\Tasks\Registration reminder 1.job/c:\windows\system32\OOBE\oobebaln.exe
    4. To delete a task> right-click the task> click Delete.
    ============================================
    Do you intentionally have this set in Firefox? FF - prefs.js: browser.search.selectedEngine - Ask.com
    I will recommend that you change it>> Google instead?
    =============================================
    And for the 1 active malware entry in the Eset log:

    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files  
      C:\Program Files\PageRage\YontooIEClient.dll 
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ================================================
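An added example, not part of the original posts: a Python triage of the three ESET lines quoted above, showing why only one of them counts as an active entry while the other two are inert copies. The function names, the location rules (ComboFix's Qoobox quarantine, System Restore `_restore{...}` folders, the OTMoveIt move folder) and the quarantine-path mapping are assumptions of this example, inferred from the paths on this page.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# The three detections from the ESET log posted above, copied verbatim.
ESET_LOG = r"""
C:\Program Files\PageRage\YontooIEClient.dll Win32/Adware.Yontoo.A application
C:\Qoobox\Quarantine\C\WINDOWS\usosamoqixates.dll.vir a variant of Win32/Kryptik.NCK trojan
C:\System Volume Information\_restore{DD9D89C5-4C8D-43D3-A4A9-A8D712B11E0C}\RP868\A0245471.dll a variant of Win32/Kryptik.NCK trojan
"""

# "<path> [a variant of ]<Platform/Name> <type>". Windows paths may contain
# spaces but never "/", so the first "word/..." token starts the threat name.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<threat>\w+/\S+)\s+"
    r"(?P<kind>.+?)\s*$"
)

# Assumed rules: files under these folders are stored copies, not live ones.
INERT_LOCATIONS = [
    ("quarantined", re.compile(r"^[a-z]:\\qoobox\\quarantine\\", re.I)),
    ("quarantined", re.compile(r"^[a-z]:\\_otmoveit\\movedfiles\\", re.I)),
    ("restore-point",
     re.compile(r"^[a-z]:\\system volume information\\_restore\{", re.I)),
]

QUARANTINE_RE = re.compile(
    r"^[A-Za-z]:\\Qoobox\\Quarantine\\([A-Za-z])\\(.+?)(?:\.vir)?$", re.I
)


class Detection(NamedTuple):
    path: str
    threat: str
    variant: bool           # True when ESET reported "a variant of"
    kind: str               # application, trojan, ...
    status: str             # active / quarantined / restore-point
    origin: Optional[str]   # pre-quarantine path, when it can be inferred


def classify(path: str) -> str:
    """Return where the detected file sits: live on disk or a stored copy."""
    for status, pattern in INERT_LOCATIONS:
        if pattern.search(path):
            return status
    return "active"


def quarantine_origin(path: str) -> Optional[str]:
    """Map C:\\Qoobox\\Quarantine\\C\\x\\y.dll.vir back to C:\\x\\y.dll."""
    m = QUARANTINE_RE.match(path)
    return f"{m.group(1).upper()}:\\{m.group(2)}" if m else None


def parse_line(line: str) -> Optional[Detection]:
    """Parse one detection line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    return Detection(
        path=path,
        threat=m.group("threat"),
        variant=m.group("variant") is not None,
        kind=m.group("kind"),
        status=classify(path),
        origin=quarantine_origin(path),
    )


def triage(log: str) -> dict:
    """Group every parsed detection in the log by its status."""
    groups = defaultdict(list)
    for line in log.splitlines():
        detection = parse_line(line)
        if detection:
            groups[detection.status].append(detection)
    return dict(groups)


if __name__ == "__main__":
    for status, items in triage(ESET_LOG).items():
        for d in items:
            note = f" (was {d.origin})" if d.origin else ""
            print(f"{status:14} {d.threat:24} {d.path}{note}")
```

Only the file classed as active needs a removal step; the restore-point copy stays until the restore points themselves are cleared.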
  10. oldskool68

    oldskool68 TS Rookie Topic Starter

    I don't ever remember selecting Ask.com as my search engine of choice. As a matter of fact, I don't even have the widget installed on my toolbar anywhere. If you could instruct me on how to change it to Google, that would be appreciated.

    Otherwise, here is the log you requested...

    All processes killed
    ========== FILES ==========
    C:\Program Files\PageRage\YontooIEClient.dll moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 41620 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 78991 bytes
    ->Flash cache emptied: 591 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    User: Sean
    ->Temp folder emptied: 1341 bytes
    ->Temporary Internet Files folder emptied: 256795928 bytes
    ->Java cache emptied: 3052449 bytes
    ->FireFox cache emptied: 120391427 bytes
    ->Flash cache emptied: 614495 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 242073 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 66066 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 60234 bytes
    RecycleBin emptied: 258 bytes

    Total Files Cleaned = 364.00 mb


    OTM by OldTimer - Version 3.1.18.0 log created on 06292011_231415

    Files moved on Reboot...
    C:\WINDOWS\temp\inf1clrg.tmp moved successfully.

    Registry entries deleted on Reboot...
  11. oldskool68

    oldskool68 TS Rookie Topic Starter

    I fixed the ask.com issue and changed it to firefox. Thanks for the heads up!!!
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    The thing with Ask.com is not selecting it, it's unselecting it! It is prechecked on many download screens, so examine the screens carefully before you download and uncheck the toolbars and BHOs. You will see the Yahoo Toolbar prechecked also. These nuisances are very pushy! Once on a system, they tend to spread.
    =========================================
    AV: AntiVir Desktop *Enabled/Updated*>> When you run cleaning scans, please check the directions carefully. Combofix instruction is clear on this:
    ===========================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
    Code:
    File::
    Folder::
    c:\windows\Nheluxaf.bin
    c:\documents and settings\sean\local settings\application data\{63CBF8FE-56B9-412B-831B-C2DFB430BFDF} ----
    Extra::
    File::
    Firefox::
    Firefox-: - Profile - c:\documents and settings\sean\application data\mozilla\firefox\profiles\dqop1m2t.default\
    Firefox-: - prefa.js - Browser.SearchURL
    DDS::
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Please be sure both the Adobe Reader and Java are updated and that you remove the old version.
    Java Updates
    Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
    ====================
    Has the redirect been resolved? Are there any other malware related problems?
  13. oldskool68

    oldskool68 TS Rookie Topic Starter

    Yes, everything seems to be running fine now. No noticeable issues happening except that I am now getting a ton of spam mail from USPS. I guess I have to turn the sensitivity on mail email defense system. Here is the log though...

    ComboFix 11-06-30.03 - Sean 06/30/2011 19:46:03.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1362 [GMT -4:00]
    Running from: c:\documents and settings\Sean\My Documents\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\Sean\My Documents\Downloads\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Thumbs.db
    c:\windows\system32\Thumbs.db
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-30 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-30 03:22 . 2011-06-30 03:22 -------- d-----w- c:\windows\LastGood
    2011-06-30 03:14 . 2011-06-30 03:14 -------- dc----w- C:\_OTM
    2011-06-29 21:36 . 2011-06-29 21:36 -------- d-----w- c:\program files\ESET
    2011-06-29 19:33 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
    2011-06-29 19:33 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
    2011-06-29 13:33 . 2011-06-29 13:33 -------- d-----w- c:\program files\Common Files\Java
    2011-06-29 13:33 . 2011-06-29 13:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-06-29 13:33 . 2011-06-29 13:33 -------- d-----w- c:\program files\Java
    2011-06-29 11:02 . 2011-06-17 16:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-06-29 11:02 . 2011-06-17 16:37 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-06-29 11:02 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-06-29 11:02 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-06-29 11:01 . 2011-06-29 11:01 -------- d-----w- c:\program files\Avira
    2011-06-29 11:01 . 2011-06-29 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-06-27 02:13 . 2004-09-29 16:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
    2011-06-26 03:10 . 2011-06-29 15:34 0 ----a-w- c:\windows\Nheluxaf.bin
    2011-06-26 03:09 . 2011-06-30 03:14 -------- d-----w- c:\program files\PageRage
    2011-06-13 01:39 . 2011-06-13 01:39 -------- dc----w- C:\MPS
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-29 13:33 . 2010-05-08 15:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-06-26 23:19 . 2010-08-29 14:23 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-05-29 13:11 . 2011-04-13 15:52 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 13:11 . 2011-04-13 15:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-16 04:17 . 2011-06-27 00:01 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-05 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-05 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-05 138008]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-09 172032]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
    "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
    "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2007-03-26 217088]
    "VAIO Update 3"="c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-02-05 546936]
    "VAIOSecurity"="c:\program files\Sony\VAIO Security Center\VSC.exe" [2007-04-17 2322432]
    "QuickBooks Simple Start"="c:\program files\Intuit\SimpleStartEntice\entice.exe" [2007-01-31 371712]
    "Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-23 1354240]
    "Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2007-01-24 176128]
    "PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
    "StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
    "TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
    "HPLJ Config"="c:\program files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe" [2003-03-31 28672]
    "Belkin Storage Manager"="c:\program files\Belkin Storage Manager\StorageManager.exe" [2009-02-03 858624]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
    .
    c:\documents and settings\Sean\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2010-6-15 295606]
    Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2008-12-16 738968]
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-2-3 2756608]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2006-02-23 02:11 39936 ----a-w- c:\windows\system32\fusstub.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2006-12-28 23:54 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
    "c:\\Program Files\\Belkin Storage Manager\\StorageManager.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
    .
    R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [4/17/2007 4:25 PM 14720]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/29/2011 7:02 AM 136360]
    R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2/22/2006 10:13 PM 13440]
    R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2/22/2006 10:13 PM 33024]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/17/2007 4:24 PM 36352]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [4/17/2007 4:24 PM 808448]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 1:19 PM 268528]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/13/2011 11:52 AM 22712]
    S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [4/17/2007 4:25 PM 31104]
    S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/13/2011 11:52 AM 366640]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
    FF - ProfilePath - c:\documents and settings\Sean\Application Data\Mozilla\Firefox\Profiles\dqop1m2t.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - www.msn.com
    .
    .
    ------- File Associations -------
    .
    .txt=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-30 19:48
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    .
    ----- DLLs Loaded Under Running Processes -------
    .
    - - - - - - - > 'winlogon.exe'(1188)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\fusstub.dll
    c:\program files\Protector Suite QL\infra.dll
    c:\program files\Protector Suite QL\homefus.dll
    c:\windows\system32\biologon.dll
    c:\program files\Protector Suite QL\homepass.dll
    c:\program files\Protector Suite QL\passport.dll
    c:\program files\Protector Suite QL\BhTcAll.dll
    c:\program files\Protector Suite QL\BhDevTfm.dll
    c:\program files\Protector Suite QL\AlgVer.dll
    c:\program files\Protector Suite QL\TCBioLib.dll
    c:\program files\Protector Suite QL\remote.dll
    c:\windows\system32\VESWinlogon.dll
    c:\program files\Protector Suite QL\mysafe.dll
    c:\program files\Protector Suite QL\config.dll
    .
    Completion time: 2011-06-30 19:50:32
    ComboFix-quarantined-files.txt 2011-06-30 23:50
    ComboFix2.txt 2011-06-30 23:42
    ComboFix3.txt 2011-06-29 21:22
    ComboFix4.txt 2011-06-29 19:48
    .
    Pre-Run: 17,938,624,512 bytes free
    Post-Run: 17,932,574,720 bytes free
    .
    - - End Of File - - 2A0D174163739693371A12E16A7539A6
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    The thumbs.db keeps coming up as deleted in Combofix. It has deleted it in 2 different scans. Legitimately, this file is a cache of the thumbnail pictures in a directory. It speeds up the showing of thumbnails when you are viewing a folder in Thumbnail view.
    While this might be a convenience, it takes up disk space. The space may be small, but is cumulative and if you have a lot of thumbs.db files on your hard drive you may be able to save some valuable space by removing them.

    But a thumbs.db can also be set up by the Worm:Win32/SillyShareCopy.E. Since Combofix keeps deleting the file, there is most likely a malware infection within it. Since you really don't need this, let's shut it down:

    To turn this feature off, do the following:
    1. Access Folder Options through either the Control Panel or Tools in IE
    2. Click on > View Tab
    3. Check "Do not cache thumbnails"
    4. Click Apply> OK
    5. Close My Computer

    Follow the next steps to remove the thumbs.db files from your hard drive
    1. Click on Start> Search> All Files and Folders
    2. Type the following in the section called "all or part of the file name"
      thumbs.db
    3. In the Look in box, make sure Local Hard Drives is chosen
    4. Click Search
    5. A long list of thumbs.db files should appear, click on Edit> Select All
    6. Click on File, and choose Delete
    7. Close the Search Results window
    If you are low on disk space and don't use the Thumbnail view to show your files, this may save you some valuable disk space.

    NOTE: This does not delete images and you can still view in thumbnails by changing the view screen.
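
Added example (not part of the thread and not ComboFix's own logic): before deleting the thumbs.db files the search above turns up, a header check can show which ones are not thumbnail caches at all. On Windows XP a genuine Thumbs.db is an OLE compound file, so a file of that name starting with an executable header deserves a closer look; the function names and the sample tree below are constructed for illustration.

```python
import os
import tempfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE compound file signature
PE_MAGIC = b"MZ"                                # DOS/PE executable signature

def classify(path):
    """Classify a file by its first bytes; a match is a hint, not proof of safety."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    if not head:
        return "empty"
    if head == OLE_MAGIC:
        return "ole-cache"
    return "executable" if head[:2] == PE_MAGIC else "unknown"

def triage_thumbs(root):
    """Walk root and report (path, kind, size) for every file named thumbs.db."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != "thumbs.db":   # match Thumbs.db, THUMBS.DB, ...
                continue
            path = os.path.join(dirpath, name)
            try:
                findings.append((path, classify(path), os.path.getsize(path)))
            except OSError:                   # locked or unreadable: still report it
                findings.append((path, "unreadable", -1))
    return sorted(findings)

def build_sample_tree(root):
    """Write constructed sample files (not real caches or malware) under root."""
    samples = {
        "Pictures/Thumbs.db": OLE_MAGIC + b"\x00" * 504,  # looks like a real cache
        "usb/thumbs.db": PE_MAGIC + b"\x00" * 62,         # executable header
        "docs/THUMBS.DB": b"",                            # zero-byte file
        "docs/notes.txt": b"not a cache",                 # ignored by name
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, kind, size in triage_thumbs(tmp):
            print("%-11s %6d  %s" % (kind, size, path))
```

Anything reported as `executable` or `unknown` is worth submitting to a scanner before it is deleted, since the copy is the only evidence of what was on the drive.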