TechSpot

Requesting approval to follow the 8 steps

By Dcarr
Apr 28, 2011
  1. Hello all,
    I have some very strange things going on with my computer. I use AVG, SUPERAntimalware, CCleaner and Malwarebytes. Using these tools I have done a pretty good job at keeping my computer clean. Here not too long ago my wife downloaded a virus called rogue.mysecurityshield and rogue.antimalwaredoctor and I ran my scans thus removing the viruses. I have been able to find no trace of these files anywhere on my computer.

    This being said I still believe I am infected due to some peculiar behavior from my computer. Here is a list of the things happening.

    1. Cannot go to google.com or use yahoo.com search engine
    2. My windows updates are popping up in the tray but I cannot install them; when I click on it, it disappears.
    3. Slow
    4. My pop up blocker says it is working but it isn't

    Below are some of the actions I have taken that I believe were mistakes.

    1. In safe mode I removed all my anti-virus/malware programs then reinstalled them and ran them one by one. This was to no avail and has made my computer slower.
    2. Tried to do a system restore. I wish I had found this forum first but I did this once and then found my problem was not fixed and tried several more times but it would not allow me to.

    So I just wanted to give a short history before I started to do the 8 steps because I wanted to be sure I had not already messed up too much to start there or that I was not beyond that at this point.
     
  2. Bobbye


    Welcome to TechSpot! You most surely have my approval to go through these steps:

    Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Now that you are in my hands, please observe the following:
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    These scans will give me some idea of what's on the system and what the most appropriate next is. Hold off on the Windows updating for now. We'll work on the redirects first.
     
  3. Dcarr


    Do I also have your permission to run AVG or shall I uninstall that and install Avast?

    edit: I downloaded Avast. It is now asking me to do this, "To finish the clean up process, we recommend running a boot-time scan, i.e restarting the computer and letting Avast! scan all your data before windows starts. Do you want to schedule the boot-time scan and restart the computer now?"
    Shall I do this or say no and let the scan that is happening continue? Also do I remove infected files and restart when the scan is done then copy the log?
     
  4. Dcarr


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6468

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    4/28/2011 9:59:52 PM
    mbam-log-2011-04-28 (21-59-52).txt

    Scan type: Quick scan
    Objects scanned: 155255
    Time elapsed: 6 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAA3A1762]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A79A27F
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A79A27F
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A79A27F
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8A79A27F
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort4 8A79A27F
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort5 8A79A27F
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP4T0L0-12 8A79A27F
    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Device\Ide\IdeDeviceP3T0L0-7 -> \??\IDE#DiskHitachi_HDP725016GLA380_________________GMBOA52A#5&2422feac&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/3/2009 7:29:14 PM
    System Uptime: 4/28/2011 9:46:17 PM (1 hours ago)
    .
    Motherboard: eMachines | | WMCP61M
    Processor: AMD Athlon(tm) Processor 2650e | Socket AM2 | 1607/201mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 69 GiB total, 43.379 GiB free.
    D: is FIXED (NTFS) - 70 GiB total, 69.758 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Hosts File Hijack ======================
    .
    .
    ==== Installed Programs ======================
    .
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/28/2011 9:31:06 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    4/28/2011 9:31:05 PM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
    4/28/2011 9:31:05 PM, error: Service Control Manager [7034] - The PDAgent service terminated unexpectedly. It has done this 1 time(s).
    4/28/2011 9:31:05 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    4/28/2011 9:31:05 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
    4/28/2011 9:31:05 PM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
    4/28/2011 9:31:03 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    4/28/2011 9:31:03 PM, error: Service Control Manager [7034] - The Agere Modem Call Progress Audio service terminated unexpectedly. It has done this 1 time(s).
    4/28/2011 8:22:12 PM, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    4/28/2011 12:13:52 PM, error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
    4/28/2011 1:35:32 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001D72B254D9. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    4/28/2011 1:24:56 PM, error: Dhcp [1002] - The IP address lease 67.60.87.41 for the Network Card with network address 001D72B254D9 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    4/26/2011 5:04:45 AM, error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 2 time(s).
    4/26/2011 5:04:39 AM, error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
    4/26/2011 5:04:39 AM, error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
    4/26/2011 5:04:31 AM, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
    4/25/2011 6:57:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Fips Processor SASDIFSV SASKUTIL
    4/25/2011 6:44:01 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    4/25/2011 5:41:33 PM, error: Service Control Manager [7034] - The File Backup Service service terminated unexpectedly. It has done this 1 time(s).
    4/25/2011 5:41:17 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/25/2011 5:28:45 PM, error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    4/25/2011 5:28:41 PM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
    4/25/2011 5:28:41 PM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
    4/25/2011 5:28:41 PM, error: Service Control Manager [7034] - The Alerter service terminated unexpectedly. It has done this 1 time(s).
    4/25/2011 5:28:35 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
    4/25/2011 5:28:22 PM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
    4/25/2011 5:28:22 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    4/25/2011 5:19:51 PM, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).
    4/25/2011 5:06:30 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    4/25/2011 5:06:24 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    4/25/2011 12:15:31 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0017EE7043FD. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    4/24/2011 8:40:41 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    4/24/2011 8:39:16 AM, error: Service Control Manager [7023] - The Akamai NetSession Interface service terminated with the following error: The specified module could not be found.
    4/24/2011 6:42:56 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
    .
    ==== End Of File ===========================
    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Delbert Carr at 22:12:09.93 on Thu 04/28/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.2117 [GMT -7:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Starfield\WorkspaceUpdate.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Starfield\offSyncService.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    H:\virus suit\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
    mWinlogon: Userinit=userinit.exe
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - c:\program files\kikin\ie_kikin.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
    TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Starfield Updater] "c:\program files\starfield\WorkspaceUpdate.exe"
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [Uniblue ProcessQuickLink 2] "c:\program files\uniblue\processquicklink 2\ProcessQuickLink2.exe" /autostart
    mRun: [LaunchApp]
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ"&"inst=NzctNjAyMTEyMzU4LUJBKzEtS1YzKzctWEwrMS1UMi1GUDkrNi1CQVI5RysxLVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLVZJUDEwKzEtRjEwTTEwRCsyLUNJQTEwKzItRkwxMCsxLUxJQysxLVhPMTArMTE"&"prod=90"&"ver=10.0.1325
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://nazcare.webex.com/client/T27L/webex/ieatgpc.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    IFEO: image file execution options - svchost.exe
    Hosts: 74.125.45.100 4-open-davinci.com
    Hosts: 74.125.45.100 securitysoftwarepayments.com
    Hosts: 74.125.45.100 privatesecuredpayments.com
    Hosts: 74.125.45.100 secure.privatesecuredpayments.com
    Hosts: 74.125.45.100 getantivirusplusnow.com
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\delber~1\applic~1\mozilla\firefox\profiles\ehxjen98.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2566951&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    FF - component: c:\documents and settings\delbert carr\application data\mozilla\firefox\profiles\ehxjen98.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\documents and settings\delbert carr\application data\mozilla\firefox\profiles\ehxjen98.default\extensions\{ec5def39-7b74-48b7-a4e7-1d95bb1674a8}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\documents and settings\delbert carr\application data\mozilla\firefox\profiles\ehxjen98.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
    FF - component: c:\program files\webex\productivity tools\components\OCFF.dll
    FF - plugin: c:\documents and settings\delbert carr\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\delbert carr\application data\mozilla\plugins\npatgpc.dll
    FF - plugin: c:\documents and settings\delbert carr\application data\mozilla\plugins\npatgpc.dll
    FF - plugin: c:\documents and settings\delbert carr\application data\mozilla\plugins\npoff.dll
    FF - plugin: c:\documents and settings\delbert carr\application data\mozilla\plugins\npoff.dll
    FF - plugin: c:\documents and settings\delbert carr\application data\mozilla\plugins\npwbe.dll
    FF - plugin: c:\documents and settings\delbert carr\application data\mozilla\plugins\npwbe.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32464]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-28 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-28 307288]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 296400]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-28 19544]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-4-28 42184]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 File Backup;File Backup Service;c:\program files\starfield\offSyncService.exe [2010-7-16 1215216]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-2-15 7421280]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-3 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-3 136176]
    .
    =============== Created Last 30 ================
    .
    2011-04-29 04:52:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-29 04:52:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-29 02:09:16 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-04-29 02:08:43 40112 ----a-w- c:\windows\avastSS.scr
    2011-04-29 02:08:24 -------- d-----w- c:\program files\AVAST Software
    2011-04-29 02:08:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
    2011-04-26 13:31:00 -------- d-----w- c:\docume~1\delber~1\locals~1\applic~1\PackageAware
    2011-04-26 12:07:51 -------- d-----w- c:\program files\Uniblue
    2011-04-24 14:17:52 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-04-24 14:17:52 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-04-16 01:44:51 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-04-14 12:32:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
    2011-04-14 12:11:46 -------- d-----w- c:\docume~1\delber~1\locals~1\applic~1\AVG Security Toolbar
    2011-04-14 02:26:01 -------- dc-h--w- c:\windows\ie8
    2011-04-01 03:29:12 -------- d-----w- c:\docume~1\delber~1\applic~1\SUPERAntiSpyware.com
    2011-04-01 03:29:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2011-04-01 03:27:54 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-03-31 00:17:22 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
    .
    ==================== Find3M ====================
    .
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-03 04:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-03 02:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: Hitachi_HDP725016GLA380 rev.GMBOA52A -> Harddisk0\DR0 -> \Device\Ide\IdePort3 P3T0L0-7
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A79A439]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a7a07d0]; MOV EAX, [0x8a7a084c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A7ACAB8]
    3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000006b[0x8A911250]
    5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A865D98]
    \Driver\atapi[0x8A8ABBB8] -> IRP_MJ_CREATE -> 0x8A79A439
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV DI, 0x5; XOR AX, AX; MOV DL, 0x80; INT 0x13; JAE 0x2d; DEC DI; }
    detected disk devices:
    \Device\Ide\IdeDeviceP3T0L0-7 -> \??\IDE#DiskHitachi_HDP725016GLA380_________________GMBOA52A#5&2422feac&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x8A79A27F
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 22:14:21.76 ===============
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Your questions / My answers:
    Please read the steps in the thread carefully. If you already had an antivirus program, you did not need to change it. Avast and Avira are only left as a recommendation to put a free AV on the system if none is running.
    2. Shall I do this or say no and let the scan that is happening continue? 3. Also do I remove infected files and restart when the scan is done then copy the log?
    1. No 2. Omit the scan 3. Close the scan.
    =====================================================
    Unfortunately, you now have both AVG and Avast running and this is an added vulnerability to the system. In addition to that, you have a malware infection called Windows Security Suite and your host files have been hijacked.

    And to add to that, you have a rootkit malware infection. Please follow these directions I have set up for you carefully. If you don't understand something, please stop and ask. One of the programs I am going to have you run will not work with AVG on the system. Since you have Avast, for now, uninstall AVG as follows:
    Download AppRemover and save to the desktop
    How to Use AppRemover to Remove a Complete Security Application
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
      http://www.appremover.com/about/chooseuninstall.gif/image_preview
    • Click on Next after choice has been made
    • Check the AVG program you want to uninstall
    • After uninstall shows complete, follow online prompts to Exit the program.
    Reboot the computer
    ========================================
    Run this program:
    • Download the file TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe to run the scan
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result. Please leave the log in your next reply.
    • A reboot is required after disinfection.
    ================================
    Summary
    1. Close and ignore Avast scan.
    2. Uninstall AVG
    3. Run TDSSKiller and leave log with next reply
    4. Go on to my next reply after you have finished the above.
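The indicators visible in the DDS log above (two antivirus products registered, several unrelated names in HOSTS pointed at one address, an IFEO entry for svchost.exe, and the hook and warning lines in the ROOTKIT section) can be extracted from a DDS report mechanically. The script below is an added example, not part of the original thread and not part of DDS; the function name, the list of core process names and the HOSTS threshold are assumptions, and the heuristics only point a reviewer at lines to inspect.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in DDS report format, modelled on the log
# posted in this thread. The 127.0.0.1 entry is added to show a benign mapping.
SAMPLE_DDS = r"""
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
mWinlogon: Userinit=userinit.exe
IFEO: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 127.0.0.1 localhost
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A79A439]<<
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A79A27F
Warning: possible TDL3 rootkit infection !
"""

AV_RE = re.compile(r"^AV:\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*")
IFEO_RE = re.compile(r"^IFEO:\s+image file execution options\s+-\s+(?P<image>\S+)", re.I)
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
UNKNOWN_MOD_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(
    r"^\\Driver\\(?P<driver>\w+)\s+(?P<routine>\w+)\s+->\s+(?P<addr>0x[0-9A-Fa-f]+)"
)
WARN_RE = re.compile(r"^Warning: possible (?P<family>\S+) rootkit infection")

# Assumption: process names whose IFEO entries deserve a manual look.
CORE_IMAGES = {"svchost.exe", "explorer.exe", "userinit.exe",
               "winlogon.exe", "services.exe", "lsass.exe"}
# Loopback and null addresses are normal in HOSTS files (blocklists use them).
BENIGN_IPS = {"127.0.0.1", "::1", "0.0.0.0"}


def triage_dds(text, hosts_threshold=3):
    """Return a list of (category, detail) findings for a DDS-style report."""
    findings = []
    av_products = []
    hosts_by_ip = defaultdict(set)

    for raw in text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        if not line or line == ".":
            continue

        m = AV_RE.match(line)
        if m:
            av_products.append((m["name"], m["state"]))
            continue

        m = IFEO_RE.match(line)
        if m:
            if m["image"].lower() in CORE_IMAGES:
                findings.append(("ifeo_core_process", m["image"]))
            continue

        m = HOSTS_RE.match(line)
        if m:
            hosts_by_ip[m["ip"]].add(m["host"].lower())
            continue

        m = UNKNOWN_MOD_RE.search(line)
        if m:
            # A module in the disk I/O path that maps to no loaded driver.
            findings.append(("unknown_disk_module", m["addr"]))
            continue

        m = HOOK_RE.match(line)
        if m:
            findings.append(
                ("driver_hook", f"{m['driver']} {m['routine']} -> {m['addr']}")
            )
            continue

        m = WARN_RE.match(line)
        if m:
            findings.append(("rootkit_warning", m["family"]))

    # More than one registered AV product, whatever its reported state.
    if len(av_products) > 1:
        detail = ", ".join(f"{name} ({state})" for name, state in av_products)
        findings.append(("multiple_av", detail))

    # Several names forced to one routable address is typical of a hijacked HOSTS.
    for ip, names in sorted(hosts_by_ip.items()):
        if ip not in BENIGN_IPS and len(names) >= hosts_threshold:
            findings.append(
                ("hosts_redirect", f"{ip} <- {', '.join(sorted(names))}")
            )

    return findings


if __name__ == "__main__":
    for category, detail in triage_dds(SAMPLE_DDS):
        print(f"{category:20} {detail}")
```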
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    After you have completed this:
    1. Close and ignore Avast scan.
    2. Uninstall AVG
    3. Run TDSSKiller and leave log with next reply
    >>>>>>>>>>>>>>>go on and run the following>>>>>>>>>>>>>>>>>>>>>>
    4. Please note: If you have Combofix on the desktop already, please uninstall it and download the newest version below. Uninstall ComboFix if needed:
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
      [​IMG]

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Leave the TDSSKiller log from the previous post.
    Leave the Combofix log

    If you have any questions or problems, please stop and ask me- don't try solving it on your own. We are patient and glad to help.
     
  7. Dcarr

    Dcarr TS Rookie Topic Starter

    Okay, so below is the log for how I read your instructions regarding TDSSKiller. Please let me know if I did this correctly because I was a little confused with the directions. My confusion was with the fact that it auto selects cure or delete but the directions did not say to cure or delete them but to quarantine, so the only option under the drop down that was close was the copy to quarantine option. So I hope I did it right; if not, let me know. Thanks.

    \HardDisk0 - copied to quarantine
    \HardDisk0\TDLFS\cfg.ini - copied to quarantine
    \HardDisk0\TDLFS\mbr - copied to quarantine
    \HardDisk0\TDLFS\bckfg.tmp - copied to quarantine
    \HardDisk0\TDLFS\cmd.dll - copied to quarantine
    \HardDisk0\TDLFS\ldr16 - copied to quarantine
    \HardDisk0\TDLFS\ldr32 - copied to quarantine
    \HardDisk0\TDLFS\ldr64 - copied to quarantine
    \HardDisk0\TDLFS\drv64 - copied to quarantine
    \HardDisk0\TDLFS\cmd64.dll - copied to quarantine
    \HardDisk0\TDLFS\drv32 - copied to quarantine
    \HardDisk0\TDLFS\dkmks.tmp - copied to quarantine
    \HardDisk0\TDLFS\r.dll - copied to quarantine
     
  8. Dcarr

    Dcarr TS Rookie Topic Starter

    ComboFix 11-04-28.02 - Delbert Carr 04/29/2011 21:56:42.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.2428 [GMT -7:00]
    Running from: h:\virus suit\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    PEV Error: AppFolder
    PEV Error: FavFile
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Delbert Carr\Application Data\Adobe\plugs
    c:\documents and settings\Delbert Carr\Application Data\Adobe\shed
    c:\documents and settings\Delbert Carr\Local Settings\Application Data\{764F5489-6AEB-42CA-94AB-EFBFD61EE462}
    c:\documents and settings\Delbert Carr\Local Settings\Application Data\{764F5489-6AEB-42CA-94AB-EFBFD61EE462}\chrome.manifest
    c:\documents and settings\Delbert Carr\Local Settings\Application Data\{764F5489-6AEB-42CA-94AB-EFBFD61EE462}\chrome\content\_cfg.js
    c:\documents and settings\Delbert Carr\Local Settings\Application Data\{764F5489-6AEB-42CA-94AB-EFBFD61EE462}\chrome\content\c.js
    c:\documents and settings\Delbert Carr\Local Settings\Application Data\{764F5489-6AEB-42CA-94AB-EFBFD61EE462}\chrome\content\overlay.xul
    c:\documents and settings\Delbert Carr\Local Settings\Application Data\{764F5489-6AEB-42CA-94AB-EFBFD61EE462}\install.rdf
    C:\Microsoft
    .
    .
    \\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-30 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-30 00:49 . 2011-04-30 00:49 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-04-29 04:52 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-29 04:52 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-29 02:09 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-04-29 02:09 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-04-29 02:09 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-04-29 02:09 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-04-29 02:09 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-04-29 02:09 . 2011-04-18 17:16 102488 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-04-29 02:09 . 2011-04-18 17:16 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-04-29 02:09 . 2011-04-18 17:13 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-04-29 02:08 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
    2011-04-29 02:08 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-04-29 02:08 . 2011-04-29 02:08 -------- d-----w- c:\program files\AVAST Software
    2011-04-29 02:08 . 2011-04-29 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-04-26 13:31 . 2011-04-26 13:31 -------- d-----w- c:\documents and settings\Delbert Carr\Local Settings\Application Data\PackageAware
    2011-04-26 12:07 . 2011-04-26 13:36 -------- d-----w- c:\program files\Uniblue
    2011-04-24 17:11 . 2011-04-24 17:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
    2011-04-24 14:17 . 2011-04-24 14:17 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-04-17 01:27 . 2011-04-17 01:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
    2011-04-16 01:44 . 2011-04-30 00:40 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-04-14 12:32 . 2011-04-24 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2011-04-14 12:11 . 2011-04-14 12:11 -------- d-----w- c:\documents and settings\Delbert Carr\Local Settings\Application Data\AVG Security Toolbar
    2011-04-14 02:26 . 2011-04-14 02:28 -------- dc-h--w- c:\windows\ie8
    2011-04-02 16:52 . 2011-04-02 16:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2011-04-02 14:03 . 2011-04-02 14:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2011-04-01 03:29 . 2011-04-01 03:29 -------- d-----w- c:\documents and settings\Delbert Carr\Application Data\SUPERAntiSpyware.com
    2011-04-01 03:29 . 2011-04-01 03:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-04-01 03:27 . 2011-04-25 02:13 -------- d-----w- c:\program files\SUPERAntiSpyware
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-09 13:53 . 2008-04-14 22:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2008-04-14 22:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-03 04:40 . 2010-06-20 14:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-03 02:19 . 2008-02-22 10:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-02 07:58 . 2008-04-14 22:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-18 17:53 . 2011-03-24 12:25 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-12-06 2735200]
    .
    [HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
    2010-12-06 15:32 2735200 ----a-w- c:\program files\Zynga\tbZyn1.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
    2009-11-05 22:29 642752 ----a-w- c:\program files\kikin\ie_kikin.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-12-06 2735200]
    .
    [HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-12-06 2735200]
    .
    [HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-29 68856]
    "Starfield Updater"="c:\program files\Starfield\WorkspaceUpdate.exe" [2011-02-17 33984]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-25 2423752]
    "Uniblue ProcessQuickLink 2"="c:\program files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" [2008-04-02 655640]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-25 8491008]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-25 81920]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
    2009-02-03 13:22 1004544 ----a-w- c:\program files\Ares\Ares.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
    2008-07-10 23:20 421888 ----a-w- c:\acer\Empowering Technology\eRecovery\eRAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    2007-01-09 06:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2008-02-25 05:29 1626112 ----a-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTIM.exe]
    2009-10-31 13:07 271688 ----a-w- c:\program files\WebEx\Productivity Tools\PTIM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTOneClick]
    2009-10-31 13:08 247112 ----a-w- c:\program files\WebEx\Productivity Tools\ptoneclk.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2007-03-15 05:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
    2008-06-14 02:11 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
    2008-09-25 02:33 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\Ares\\Ares.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3242:TCP"= 3242:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/28/2011 7:09 PM 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/28/2011 7:09 PM 307288]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/28/2011 7:09 PM 19544]
    R2 File Backup;File Backup Service;c:\program files\Starfield\offSyncService.exe [7/16/2010 1:47 PM 1215216]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2011 6:02 AM 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2011 6:02 AM 136176]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-03 13:00]
    .
    2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-03 13:00]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
    DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
    FF - ProfilePath - c:\documents and settings\Delbert Carr\Application Data\Mozilla\Firefox\Profiles\ehxjen98.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2566951&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKLM-Run-LaunchApp - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-29 22:19
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2011-04-29 22:28:25
    ComboFix-quarantined-files.txt 2011-04-30 05:28
    .
    Pre-Run: 47,371,857,920 bytes free
    Post-Run: 47,346,941,952 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - A8B0F264AD696A0831A8EAED140FCDEC
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay- but please, when you get a log from a program, you should leave the entire log, not just the part you think I need. I will recheck for a rootkit again but there is some housekeeping for you to do:

    1. Java: You have 5 versions of Java on the system. These are a vulnerability to the system. Running the program below will remove all of the Java entries and give you the link for the current version v6u25. Unfortunately, when Java is updated, it doesn't overwrite the previous version. So you have to go into Add/Remove Programs and uninstall there:
    Please download JavaRa and unzip it to your desktop.

    Important!***Please close any instances of Internet Explorer before continuing!***
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that
      a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location.
    Note: I do not need to see this log- please don't leave it.

    Then download and install the most current version and update of Java Runtime
    Environment (JRE)
    HERE.
    =============================================
    Please run this Custom CFScript:

    [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
    Code:
    File::
    DDS::
    uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
    BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
    BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - c:\program files\kikin\ie_kikin.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
    uRun: [Uniblue ProcessQuickLink 2] "c:\program files\uniblue\processquicklink 2\ProcessQuickLink2.exe" /autostart
    mRun: [LaunchApp] 
    IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{7b13ec3e-999a-4b70-b9cb-2617b8323822}"=-
    [HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{7b13ec3e-999a-4b70-b9cb-2617b8323822}"=-
    [HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{7B13EC3E-999A-4B70-B9CB-2617B8323822}"=-
    [HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Uniblue ProcessQuickLink 2"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Ares\\Ares.exe"=-
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Note: I have removed some entries for programs that put your system at risk, or use the resources unnecessarily. They are:

    • kikin.com browser plugin. Kikin Inc is reportedly "an internet advertising company whose goal is to enhance a user’s search experience without changing the user's search behavior" - comes bundled with third party software such as JDownloader and Audiograbber. You don't want anything that "comes bundled with...."! Check their Privacy Policy: http://www.kikin.com/privacy
    • Zynga: connect users socially through games. Through 2009 Zynga made money from lead generation advertising schemes, whereby game participants would earn game points by signing up for featured credit cards or video-rental services.
    • Process Quick Link by Uniblue populates your taskmanager process list with links containing information about the various processes obtained from Uniblue's web site. Not required or not recommended - typically infrequently used tasks that can be started manually if necessary
    • Ares: open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc.
    ==========================================
    Please see next reply for additional information. You can leave the new log from Combofix in your next reply.
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    When you have finished running Combofix, you can complete the uninstallation for the programs I stopped and remove their program folder.

    Note: None of the following are malware. But adware, bundled software and file sharing put your system at risk. If you do not want to uninstall these programs, it is your choice.

    Go to the Control Panel> Add/Remove Program> Uninstall these programs and any related entries:
    Zynga
    Kikin
    Uniblue Power Process QuickLink
    Ares (Entries may also show Vuze)

    ===================================
    After the uninstalls, use Windows Explorer to delete the program files:
    Right click on the Taskbar> Select Explore> Click on My Computer> Double click on Local Drive (C)> Programs> Look for and do a right click> Delete on folder for each of the uninstalled programs
    ==================================
    Reboot the computer. Let me know how the system is doing.
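
A check for after the script has run, as an added example that is not part of the original thread: it lists which `"name"=-` value deletions in a CFScript `Registry::` section a follow-up ComboFix log still shows. The sample script and log are constructed from lines in this thread, the function names are hypothetical, and reading `"name"=-` as a value deletion assumes the section follows REGEDIT4 conventions.

```python
import re

DIRECTIVE_RE = re.compile(r'^(\w+)::\s*$')      # File::, DDS::, Registry::
KEY_RE = re.compile(r'^\[(.+)\]$')              # [HKEY_...\Some\Key]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def norm(text):
    """Comparison form. Registry names are case-insensitive, and forum
    software can inject spaces into long paths, so drop all whitespace."""
    return re.sub(r'\s+', '', text).lower()


def registry_section(cfscript):
    """Return only the lines that follow the Registry:: directive."""
    lines, active = [], False
    for raw in cfscript.splitlines():
        m = DIRECTIVE_RE.match(raw.strip())
        if m:
            active = m.group(1).lower() == 'registry'
        elif active:
            lines.append(raw)
    return lines


def parse_values(lines):
    """Yield (key, name, data) for every value line under a [key] header.
    File listings, '.' separators and '@Denied:' lines are skipped."""
    key = None
    for raw in lines:
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name = m.group(1)
            name = name if name == '@' else name[1:-1]
            yield key, name, m.group(2).strip()


def deletion_targets(cfscript):
    """Values the script asks to delete: "name"=- under a [key] header."""
    return [(k, n) for k, n, d in parse_values(registry_section(cfscript))
            if d == '-']


def still_present(cfscript, log_text):
    """Script targets that a later log still lists, with the logged data."""
    logged = {(norm(k), norm(n)): d
              for k, n, d in parse_values(log_text.splitlines())}
    hits = []
    for key, name in deletion_targets(cfscript):
        data = logged.get((norm(key), norm(name)))
        if data is not None:
            hits.append((key, name, data))
    return hits


# Constructed excerpt of the script posted above. The space inside
# "Auth orizedApplications" imitates forum line-wrapping.
CFSCRIPT = r'''File::
DDS::
uRun: [Uniblue ProcessQuickLink 2] "c:\program files\uniblue\processquicklink 2\ProcessQuickLink2.exe" /autostart
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue ProcessQuickLink 2"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=-
'''

# Constructed follow-up log: two of the four targets are still listed.
LATER_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-29 68856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
'''

if __name__ == '__main__':
    for key, name, data in still_present(CFSCRIPT, LATER_LOG):
        print('still present: [%s] "%s" = %s' % (key, name, data or '(empty)'))
```
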
     
  11. Dcarr

    Dcarr TS Rookie Topic Starter

     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, no problem. I see this is just the quarantine log, not the scan itself.
     
  13. Dcarr

    Dcarr TS Rookie Topic Starter

    ComboFix 11-04-30.02 - Delbert Carr 04/30/2011 17:51:45.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.2343 [GMT -7:00]
    Running from: h:\virus suit\ComboFix.exe
    Command switches used :: c:\documents and settings\Delbert Carr\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\kikin\ie_kikin.dll
    c:\program files\uniblue\processquicklink 2\ProcessQuickLink2.exe
    c:\program files\zynga\tbZyn1.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-01 to 2011-05-01 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-30 10:09 . 2011-04-30 10:09 -------- d-----w- c:\windows\ServicePackFiles
    2011-04-30 00:49 . 2011-04-30 00:49 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-04-29 04:52 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-29 04:52 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-29 02:09 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-04-29 02:09 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-04-29 02:09 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-04-29 02:09 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-04-29 02:09 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-04-29 02:09 . 2011-04-18 17:16 102488 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-04-29 02:09 . 2011-04-18 17:16 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-04-29 02:09 . 2011-04-18 17:13 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-04-29 02:08 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
    2011-04-29 02:08 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-04-29 02:08 . 2011-04-29 02:08 -------- d-----w- c:\program files\AVAST Software
    2011-04-29 02:08 . 2011-04-29 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-04-26 13:31 . 2011-04-26 13:31 -------- d-----w- c:\documents and settings\Delbert Carr\Local Settings\Application Data\PackageAware
    2011-04-26 12:07 . 2011-04-26 13:36 -------- d-----w- c:\program files\Uniblue
    2011-04-24 17:11 . 2011-04-24 17:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
    2011-04-24 14:17 . 2011-04-24 14:17 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-04-17 01:27 . 2011-04-17 01:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
    2011-04-16 01:44 . 2011-04-30 00:40 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-04-14 12:32 . 2011-04-24 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2011-04-14 12:11 . 2011-04-14 12:11 -------- d-----w- c:\documents and settings\Delbert Carr\Local Settings\Application Data\AVG Security Toolbar
    2011-04-14 02:26 . 2011-04-14 02:28 -------- dc-h--w- c:\windows\ie8
    2011-04-02 16:52 . 2011-04-02 16:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2011-04-02 14:03 . 2011-04-02 14:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2011-04-01 03:29 . 2011-04-01 03:29 -------- d-----w- c:\documents and settings\Delbert Carr\Application Data\SUPERAntiSpyware.com
    2011-04-01 03:29 . 2011-04-01 03:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-04-01 03:27 . 2011-04-25 02:13 -------- d-----w- c:\program files\SUPERAntiSpyware
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-01 00:37 . 2010-06-20 14:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-01 00:37 . 2008-02-22 10:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-03-07 05:33 . 2008-04-14 22:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37 . 2008-04-14 22:00 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21 . 2008-04-14 22:00 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06 . 2007-08-14 02:54 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06 . 2007-08-14 02:45 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-02-22 23:06 . 2007-08-14 02:44 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 11:41 . 2008-04-14 22:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-17 13:18 . 2008-04-14 22:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-17 13:18 . 2008-04-14 22:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-17 12:32 . 2009-04-15 08:30 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56 . 2008-04-14 22:00 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-11 13:25 . 2008-04-14 22:00 229888 ----a-w- c:\windows\system32\fxscover.exe
    2011-02-09 13:53 . 2008-04-14 22:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2008-04-14 22:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33 . 2008-04-14 22:00 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33 . 2008-04-14 22:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2011-02-02 07:58 . 2008-04-14 22:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-18 17:53 . 2011-03-24 12:25 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-04-30_05.20.15 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-05-01 00:37 . 2011-05-01 00:37 16384 c:\windows\Temp\Perflib_Perfdata_ad8.dat
    - 2008-10-29 01:34 . 2011-04-30 04:56 71732 c:\windows\system32\perfc009.dat
    + 2008-10-29 01:34 . 2011-05-01 00:32 71732 c:\windows\system32\perfc009.dat
    + 2007-08-14 02:54 . 2011-02-22 23:06 66560 c:\windows\system32\mshtmled.dll
    - 2007-08-14 02:54 . 2009-03-08 11:31 66560 c:\windows\system32\mshtmled.dll
    + 2007-08-14 02:54 . 2011-02-22 23:06 55296 c:\windows\system32\msfeedsbs.dll
    - 2007-08-14 02:54 . 2009-03-08 11:31 55296 c:\windows\system32\msfeedsbs.dll
    + 2007-08-14 02:54 . 2011-02-22 23:06 25600 c:\windows\system32\jsproxy.dll
    - 2007-08-14 02:54 . 2009-03-08 11:33 25600 c:\windows\system32\jsproxy.dll
    - 2008-04-14 22:00 . 2008-04-14 22:00 45568 c:\windows\system32\dnsrslvr.dll
    + 2008-04-14 22:00 . 2009-04-20 17:17 45568 c:\windows\system32\dnsrslvr.dll
    + 2009-06-10 08:12 . 2011-02-22 23:06 12800 c:\windows\system32\dllcache\xpshims.dll
    - 2009-06-10 08:12 . 2010-12-20 23:59 12800 c:\windows\system32\dllcache\xpshims.dll
    - 2007-08-14 02:54 . 2009-03-08 11:31 66560 c:\windows\system32\dllcache\mshtmled.dll
    + 2007-08-14 02:54 . 2011-02-22 23:06 66560 c:\windows\system32\dllcache\mshtmled.dll
    + 2009-07-28 22:21 . 2011-02-22 23:06 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    - 2009-07-28 22:21 . 2010-12-20 23:59 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2007-08-14 02:44 . 2011-02-22 23:06 43520 c:\windows\system32\dllcache\licmgr10.dll
    + 2007-08-14 02:54 . 2011-02-22 23:06 25600 c:\windows\system32\dllcache\jsproxy.dll
    - 2007-08-14 02:54 . 2009-03-08 11:33 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2008-04-14 22:00 . 2009-04-20 17:17 45568 c:\windows\system32\dllcache\dnsrslvr.dll
    - 2008-04-14 22:00 . 2008-04-14 22:00 45568 c:\windows\system32\dllcache\dnsrslvr.dll
    + 2011-04-30 10:01 . 2011-04-30 10:01 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
    - 2010-11-10 10:03 . 2010-11-10 10:03 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
    + 2011-04-30 10:01 . 2011-04-30 10:01 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    - 2010-11-10 10:03 . 2010-11-10 10:03 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2010-09-01 04:50 . 2011-04-30 10:08 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    - 2010-09-01 04:50 . 2011-03-08 10:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2011-04-30 10:07 . 2009-03-08 11:33 12288 c:\windows\ie8updates\KB2497640-IE8\xpshims.dll
    + 2011-04-30 10:07 . 2009-03-08 11:31 66560 c:\windows\ie8updates\KB2497640-IE8\mshtmled.dll
    + 2011-04-30 10:07 . 2009-03-08 11:31 55296 c:\windows\ie8updates\KB2497640-IE8\msfeedsbs.dll
    + 2011-04-30 10:07 . 2009-03-08 11:34 43008 c:\windows\ie8updates\KB2497640-IE8\licmgr10.dll
    + 2011-04-30 10:07 . 2009-03-08 11:33 25600 c:\windows\ie8updates\KB2497640-IE8\jsproxy.dll
    + 2011-04-30 10:10 . 2011-04-30 10:10 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\368187bcb570d202a019fc7c53b1df4c\UIAutomationProvider.ni.dll
    + 2011-04-30 10:15 . 2011-04-30 10:15 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\3f621b90371e67197bd4d0b86aa6f21d\System.Windows.Presentation.ni.dll
    + 2011-04-30 10:15 . 2011-04-30 10:15 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\577b049541803541e6b00e2c36c00852\System.Web.DynamicData.Design.ni.dll
    + 2011-04-30 10:13 . 2011-04-30 10:13 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\636ed65b7e5481320e3010b78a5e6cfa\System.ComponentModel.DataAnnotations.ni.dll
    + 2011-04-30 10:13 . 2011-04-30 10:13 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f83b1e8dd8c90490c8d924826c8b107d\System.AddIn.Contract.ni.dll
    + 2011-04-30 10:08 . 2011-04-30 10:08 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2740ba673b1040f1995f13c6044da64c\PresentationFontCache.ni.exe
    + 2011-04-30 10:07 . 2011-04-30 10:07 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\8514e7de63d46b6f8232ef70d93a1650\PresentationCFFRasterizer.ni.dll
    + 2011-04-30 10:14 . 2011-04-30 10:14 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\108426b4dc654100c9a99bfa71f69886\Microsoft.Vsa.ni.dll
    + 2011-04-30 10:12 . 2011-04-30 10:12 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\8905268997c77a27c7f9c54aeba37f24\Microsoft.Build.Framework.ni.dll
    + 2011-04-30 10:13 . 2011-04-30 10:13 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\11bb8ef375848eb1c074da1afd5cecdc\Microsoft.Build.Framework.ni.dll
    + 2011-04-30 10:12 . 2011-04-30 10:12 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\6d74b9308a1517bfe959e597c3dd2427\dfsvc.ni.exe
    + 2011-04-30 10:12 . 2011-04-30 10:12 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\fdf7f1404f4a5c7f5a0463d8e7a442e4\Accessibility.ni.dll
    + 2011-04-30 10:03 . 2011-04-30 10:03 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2011-04-30 10:03 . 2011-04-30 10:03 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2011-04-30 10:04 . 2011-04-30 10:04 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2011-04-30 10:03 . 2011-04-30 10:03 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2011-04-30 10:04 . 2011-04-30 10:04 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2011-04-30 10:04 . 2011-04-30 10:04 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2011-04-30 10:04 . 2011-04-30 10:04 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2011-04-30 10:04 . 2011-04-30 10:04 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2011-04-30 10:03 . 2011-04-30 10:03 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2011-04-30 10:03 . 2011-04-30 10:03 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2011-04-30 10:03 . 2011-04-30 10:03 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2011-04-30 10:03 . 2011-04-30 10:03 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2011-04-30 10:03 . 2011-04-30 10:03 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2011-04-30 10:03 . 2011-04-30 10:03 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2011-04-30 10:03 . 2011-04-30 10:03 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2011-04-30 10:04 . 2011-04-30 10:04 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2011-04-30 10:03 . 2011-04-30 10:03 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2011-04-30 10:03 . 2011-04-30 10:03 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2011-04-30 10:04 . 2011-04-30 10:04 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2011-04-30 10:04 . 2011-04-30 10:04 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2008-10-29 01:34 . 2011-05-01 00:32 442466 c:\windows\system32\perfh009.dat
    - 2008-10-29 01:34 . 2011-04-30 04:56 442466 c:\windows\system32\perfh009.dat
    + 2007-08-14 02:44 . 2011-02-22 23:06 206848 c:\windows\system32\occache.dll
    + 2008-04-14 22:00 . 2008-06-20 16:02 245248 c:\windows\system32\mswsock.dll
    - 2008-04-14 22:00 . 2008-06-20 17:46 245248 c:\windows\system32\mswsock.dll
    + 2007-08-14 02:54 . 2011-02-22 23:06 611840 c:\windows\system32\mstime.dll
    - 2007-08-14 02:54 . 2009-03-08 11:32 611840 c:\windows\system32\mstime.dll
    + 2007-08-14 02:54 . 2011-02-22 23:06 602112 c:\windows\system32\msfeeds.dll
    + 2008-04-14 22:00 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll
    - 2008-04-14 22:00 . 2009-03-08 11:33 726528 c:\windows\system32\jscript.dll
    + 2011-05-01 00:37 . 2011-05-01 00:37 157472 c:\windows\system32\javaws.exe
    - 2011-03-23 02:11 . 2011-02-03 04:40 157472 c:\windows\system32\javaws.exe
    + 2011-05-01 00:37 . 2011-05-01 00:37 145184 c:\windows\system32\javaw.exe
    - 2011-03-23 02:11 . 2011-02-03 04:40 145184 c:\windows\system32\javaw.exe
    + 2011-05-01 00:37 . 2011-05-01 00:37 145184 c:\windows\system32\java.exe
    - 2011-03-23 02:11 . 2011-02-03 04:40 145184 c:\windows\system32\java.exe
    + 2007-08-14 02:54 . 2011-02-22 23:06 184320 c:\windows\system32\iepeers.dll
    + 2007-08-14 02:39 . 2011-02-22 23:06 387584 c:\windows\system32\iedkcs32.dll
    + 2007-08-14 02:39 . 2011-02-18 11:49 173568 c:\windows\system32\ie4uinit.exe
    + 2008-10-29 01:24 . 2011-04-30 10:25 272576 c:\windows\system32\FNTCACHE.DAT
    - 2008-10-29 01:24 . 2011-02-10 01:30 272576 c:\windows\system32\FNTCACHE.DAT
    + 2008-04-14 22:00 . 2008-10-16 14:43 138496 c:\windows\system32\drivers\afd.sys
    - 2008-04-14 22:00 . 2008-08-14 10:04 138496 c:\windows\system32\drivers\afd.sys
    + 2008-04-14 22:00 . 2011-03-03 06:55 149504 c:\windows\system32\dnsapi.dll
    + 2007-08-14 02:54 . 2011-02-22 23:06 916480 c:\windows\system32\dllcache\wininet.dll
    + 2008-04-14 22:00 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll
    + 2008-04-14 22:00 . 2011-02-17 13:18 357888 c:\windows\system32\dllcache\srv.sys
    + 2007-08-14 02:44 . 2011-02-22 23:06 206848 c:\windows\system32\dllcache\occache.dll
    + 2008-04-14 22:00 . 2008-06-20 16:02 245248 c:\windows\system32\dllcache\mswsock.dll
    - 2008-04-14 22:00 . 2008-06-20 17:46 245248 c:\windows\system32\dllcache\mswsock.dll
    - 2007-08-14 02:54 . 2009-03-08 11:32 611840 c:\windows\system32\dllcache\mstime.dll
    + 2007-08-14 02:54 . 2011-02-22 23:06 611840 c:\windows\system32\dllcache\mstime.dll
    - 2009-07-28 22:21 . 2010-12-20 23:59 602112 c:\windows\system32\dllcache\msfeeds.dll
    + 2009-07-28 22:21 . 2011-02-22 23:06 602112 c:\windows\system32\dllcache\msfeeds.dll
    + 2009-04-04 03:26 . 2011-02-17 13:18 455936 c:\windows\system32\dllcache\mrxsmb.sys
    - 2008-04-14 22:00 . 2010-09-18 19:23 974848 c:\windows\system32\dllcache\mfc42u.dll
    + 2008-04-14 22:00 . 2011-02-08 13:33 974848 c:\windows\system32\dllcache\mfc42u.dll
    + 2008-04-14 22:00 . 2011-02-08 13:33 978944 c:\windows\system32\dllcache\mfc42.dll
    - 2008-04-14 22:00 . 2009-03-08 11:33 726528 c:\windows\system32\dllcache\jscript.dll
    + 2008-04-14 22:00 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll
    - 2008-04-14 22:00 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
    + 2008-04-14 22:00 . 2011-03-07 05:33 692736 c:\windows\system32\dllcache\inetcomm.dll
    - 2009-06-10 08:12 . 2010-12-20 23:59 247808 c:\windows\system32\dllcache\ieproxy.dll
    + 2009-06-10 08:12 . 2011-02-22 23:06 247808 c:\windows\system32\dllcache\ieproxy.dll
    + 2007-08-14 02:54 . 2011-02-22 23:06 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2010-06-11 20:25 . 2011-02-22 23:06 743424 c:\windows\system32\dllcache\iedvtool.dll
    - 2010-06-11 20:25 . 2010-12-20 23:59 743424 c:\windows\system32\dllcache\iedvtool.dll
    + 2007-08-14 02:39 . 2011-02-22 23:06 387584 c:\windows\system32\dllcache\iedkcs32.dll
    + 2007-08-14 02:39 . 2011-02-18 11:49 173568 c:\windows\system32\dllcache\ie4uinit.exe
    + 2008-04-14 22:00 . 2011-02-11 13:25 229888 c:\windows\system32\dllcache\fxscover.exe
    + 2008-04-14 22:00 . 2011-03-03 06:55 149504 c:\windows\system32\dllcache\dnsapi.dll
    + 2008-04-14 22:00 . 2011-02-15 12:56 290432 c:\windows\system32\dllcache\atmfd.dll
    - 2008-04-14 22:00 . 2008-08-14 10:04 138496 c:\windows\system32\dllcache\afd.sys
    + 2008-04-14 22:00 . 2008-10-16 14:43 138496 c:\windows\system32\dllcache\afd.sys
    + 2011-02-11 13:25 . 2011-02-11 13:25 229888 c:\windows\ServicePackFiles\ServicePackCache\i386\fxscover.exe
    - 2010-05-11 13:40 . 2010-05-11 13:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    + 2011-01-18 11:39 . 2011-01-18 11:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    + 2011-01-18 11:39 . 2011-01-18 11:39 363856
     
  14. Dcarr

    Dcarr TS Rookie Topic Starter

    c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
    + 2011-01-18 11:39 . 2011-01-18 11:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    - 2010-05-11 13:40 . 2010-05-11 13:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    + 2011-05-01 00:39 . 2011-05-01 00:39 180224 c:\windows\Installer\7bf10.msi
    + 2011-05-01 00:37 . 2011-05-01 00:37 675840 c:\windows\Installer\7bf00.msi
    + 2011-04-30 10:00 . 2009-03-08 11:33 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
    + 2011-04-30 10:00 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
    + 2011-04-30 10:00 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
    + 2011-04-30 10:00 . 2009-03-08 11:33 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
    + 2011-04-30 10:07 . 2009-03-08 11:34 914944 c:\windows\ie8updates\KB2497640-IE8\wininet.dll
    + 2011-04-30 10:07 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2497640-IE8\spuninst\updspapi.dll
    + 2011-04-30 10:07 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2497640-IE8\spuninst\spuninst.exe
    + 2011-04-30 10:07 . 2009-03-08 11:34 109568 c:\windows\ie8updates\KB2497640-IE8\occache.dll
    + 2011-04-30 10:07 . 2009-03-08 11:32 611840 c:\windows\ie8updates\KB2497640-IE8\mstime.dll
    + 2011-04-30 10:07 . 2009-03-08 11:32 594432 c:\windows\ie8updates\KB2497640-IE8\msfeeds.dll
    + 2011-04-30 10:07 . 2009-03-08 11:33 246784 c:\windows\ie8updates\KB2497640-IE8\ieproxy.dll
    + 2011-04-30 10:07 . 2009-03-08 11:31 183808 c:\windows\ie8updates\KB2497640-IE8\iepeers.dll
    + 2011-04-30 10:07 . 2009-03-08 11:35 742912 c:\windows\ie8updates\KB2497640-IE8\iedvtool.dll
    + 2011-04-30 10:07 . 2009-03-08 21:09 391536 c:\windows\ie8updates\KB2497640-IE8\iedkcs32.dll
    + 2011-04-30 10:07 . 2009-03-08 11:32 173056 c:\windows\ie8updates\KB2497640-IE8\ie4uinit.exe
    + 2011-04-30 10:12 . 2011-04-30 10:12 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\95de80b860252231b46014f58226e473\WsatConfig.ni.exe
    + 2011-04-30 10:10 . 2011-04-30 10:10 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\715710f5a31a494ed5c0ec0874dafe3e\WindowsFormsIntegration.ni.dll
    + 2011-04-30 10:10 . 2011-04-30 10:10 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\017be0e6c5f1810f15a696157cd5e2c2\UIAutomationTypes.ni.dll
    + 2011-04-30 10:10 . 2011-04-30 10:10 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\bec5b0a93df12eb26c02c877a4eae678\UIAutomationClient.ni.dll
    + 2011-04-30 10:15 . 2011-04-30 10:15 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\3d8f787002439f4942c33f376cfd8555\System.Xml.Linq.ni.dll
    + 2011-04-30 10:15 . 2011-04-30 10:15 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\4b746fea8062a10ccc6e5331914e7dad\System.Web.Routing.ni.dll
    + 2011-04-30 10:15 . 2011-04-30 10:15 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\103956fdb019bce8a173fe9cb9da3e02\System.Web.RegularExpressions.ni.dll
    + 2011-04-30 10:15 . 2011-04-30 10:15 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c0a156fbf46ad272ac262e45eaa998f4\System.Web.Extensions.Design.ni.dll
    + 2011-04-30 10:15 . 2011-04-30 10:15 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\e3651e13567ce4e3fa7bb2fbab737d9a\System.Web.Entity.ni.dll
    + 2011-04-30 10:15 . 2011-04-30 10:15 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\834d7769f39e4d937eda1ad3707d4716\System.Web.Entity.Design.ni.dll
    + 2011-04-30 10:15 . 2011-04-30 10:15 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\032c96c6206b53bca122d1fbaf5f8ca2\System.Web.DynamicData.ni.dll
    + 2011-04-30 10:15 . 2011-04-30 10:15 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6ce0e4fb33afcfcce43c427e82b987db\System.Web.Abstractions.ni.dll
    + 2011-04-30 10:14 . 2011-04-30 10:14 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\990d96810a21e0fa95f916ffc66f3a94\System.Transactions.ni.dll
    + 2011-04-30 10:14 . 2011-04-30 10:14 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e0d56c0582316e9ecb4c18186e37217c\System.ServiceProcess.ni.dll
    + 2011-04-30 10:13 . 2011-04-30 10:13 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\9e91cca51a5ed6fb13b67558109d2726\System.Security.ni.dll
    + 2011-04-30 10:14 . 2011-04-30 10:14 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\fa6a58394a1f162eecce4cd8af0875c3\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2011-04-30 10:14 . 2011-04-30 10:14 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\6194eb4bc1e0133d0183d086b747f512\System.Net.ni.dll
    + 2011-04-30 10:14 . 2011-04-30 10:14 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\042658de519bb1e22ec5925092061892\System.Management.ni.dll
    + 2011-04-30 10:14 . 2011-04-30 10:14 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\d6ae8171ae6fd4fe83add34e6d70e5b5\System.Management.Instrumentation.ni.dll
    + 2011-04-30 10:12 . 2011-04-30 10:12 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\abd5a61d39e474f12b30ccbbe6277667\System.IO.Log.ni.dll
    + 2011-04-30 10:12 . 2011-04-30 10:12 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\12c4dba6d4ff0278d208c283d9ed7670\System.IdentityModel.Selectors.ni.dll
    + 2011-04-30 10:14 . 2011-04-30 10:14 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff5c7a52497d892f3a3206384d46b5e7\System.EnterpriseServices.Wrapper.dll
    + 2011-04-30 10:14 . 2011-04-30 10:14 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff5c7a52497d892f3a3206384d46b5e7\System.EnterpriseServices.ni.dll
    + 2011-04-30 10:10 . 2011-04-30 10:10 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e6b7128278d8c0e8382a5685f5b196c6\System.Drawing.Design.ni.dll
    + 2011-04-30 10:14 . 2011-04-30 10:14 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8ef56bf47fc2fc4204e0fcc1f32bab01\System.DirectoryServices.AccountManagement.ni.dll
    + 2011-04-30 10:14 . 2011-04-30 10:14 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\447d7b4a7d0add13f8d2086088bcc41c\System.DirectoryServices.Protocols.ni.dll
    + 2011-04-30 10:14 . 2011-04-30 10:14 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ce2afe8854ee9cdc834b6f392348c882\System.Data.Services.Design.ni.dll
    + 2011-04-30 10:14 . 2011-04-30 10:14 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\03d4658290e300e437e745ef4a613b59\System.Data.Services.Client.ni.dll
    + 2011-04-30 10:14 . 2011-04-30 10:14 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\7ce21a2855bb7731de4dab797e69f3f6\System.Data.Entity.Design.ni.dll
    + 2011-04-30 10:13 . 2011-04-30 10:13 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\ea57694aea47c05853516c9bb2ad54b4\System.Data.DataSetExtensions.ni.dll
    + 2011-04-30 10:13 . 2011-04-30 10:13 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d6b4509225efde2a4e3db77205f8a51\System.Configuration.ni.dll
    + 2011-04-30 10:14 . 2011-04-30 10:14 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f312bb844670ebc7458fec9e6b2568b3\System.Configuration.Install.ni.dll
    + 2011-04-30 10:13 . 2011-04-30 10:13 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\afd9595f07a8c68b26e81cf995957f56\System.AddIn.ni.dll
    + 2011-04-30 10:12 . 2011-04-30 10:12 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\3a42b2fbafe93d7b9395e328bea35afa\SMSvcHost.ni.exe
    + 2011-04-30 10:12 . 2011-04-30 10:12 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\97ff96d3fc8d0b10ea294f320acf821e\SMDiagnostics.ni.dll
    + 2011-04-30 10:12 . 2011-04-30 10:12 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\28ed0e9efd938b05b4f53e0d90046701\ServiceModelReg.ni.exe
    + 2011-04-30 10:09 . 2011-04-30 10:09 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ffe13679e6b3e36e5cb6c47f8c4faf9c\PresentationFramework.Aero.ni.dll
    + 2011-04-30 10:09 . 2011-04-30 10:09 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dbb40299379f2009c140ddadb04231b4\PresentationFramework.Classic.ni.dll
    + 2011-04-30 10:09 . 2011-04-30 10:09 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a34cd33cec1bdfebe4a3910bceb8723b\PresentationFramework.Royale.ni.dll
    + 2011-04-30 10:09 . 2011-04-30 10:09 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\689bb394bcb437ed085c22a43aba30c6\PresentationFramework.Luna.ni.dll
    + 2011-04-30 10:12 . 2011-04-30 10:12 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5670e74887ef1025c6a8c056ffe86b38\MSBuild.ni.exe
    + 2011-04-30 10:12 . 2011-04-30 10:12 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\653732002ebf5c68f69150a60e145e6a\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2011-04-30 10:13 . 2011-04-30 10:13 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\cc62770393640302bd4d7e442b1e49a4\Microsoft.Build.Utilities.v3.5.ni.dll
    + 2011-04-30 10:13 . 2011-04-30 10:13 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\352bff1ee71ce114e225f849038dc48d\Microsoft.Build.Utilities.ni.dll
    + 2011-04-30 10:13 . 2011-04-30 10:13 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\7345f4d2d7157bf49de4158e8f2b6847\Microsoft.Build.Engine.ni.dll
    + 2011-04-30 10:13 . 2011-04-30 10:13 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\d7dba901ddd410ca1a0156d0f2a27533\Microsoft.Build.Conversion.v3.5.ni.dll
    + 2011-04-30 10:13 . 2011-04-30 10:13 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\010552e529d130ce914765b0801e2367\CustomMarshalers.ni.dll
    + 2011-04-30 10:12 . 2011-04-30 10:12 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\6861f639b13967e9b014b44bbb7c5d4c\ComSvcConfig.ni.exe
    + 2011-04-30 10:12 . 2011-04-30 10:12 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\800da7dec567fadf3392091e9f01ecb9\AspNetMMCExt.ni.dll
    + 2011-04-30 10:03 . 2011-04-30 10:03 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2011-04-30 10:03 . 2011-04-30 10:03 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2011-04-30 10:03 . 2011-04-30 10:03 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2011-04-30 10:04 . 2011-04-30 10:04 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2011-04-30 10:04 . 2011-04-30 10:04 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2011-04-30 10:04 . 2011-04-30 10:04 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2011-04-30 10:04 . 2011-04-30 10:04 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2011-04-30 10:04 . 2011-04-30 10:04 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2011-04-30 10:04 . 2011-04-30 10:04 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2011-04-30 10:04 . 2011-04-30 10:04 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2011-04-30 10:03 . 2011-04-30 10:03 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2011-04-30 10:04 . 2011-04-30 10:04 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2011-04-30 10:04 . 2011-04-30 10:04 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2011-04-30 10:04 . 2011-04-30 10:04 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2011-04-30 10:04 . 2011-04-30 10:04 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2011-04-30 10:03 . 2011-04-30 10:03 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2011-04-30 10:03 . 2011-04-30 10:03 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2011-04-30 10:03 . 2011-04-30 10:03 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2011-04-30 10:03 . 2011-04-30 10:03 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2011-04-30 10:04 . 2011-04-30 10:04 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2011-04-30 10:04 . 2011-04-30 10:04 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2011-04-30 10:03 . 2011-04-30 10:03 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2011-04-30 10:04 . 2011-04-30 10:04 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2011-04-30 10:04 . 2011-04-30 10:04 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2011-04-30 10:04 . 2011-04-30 10:04 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2011-04-30 10:04 . 2011-04-30 10:04 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2011-04-30 05:55 . 2010-10-23 00:51 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
    + 2007-08-14 02:54 . 2011-02-22 23:06 1210880 c:\windows\system32\urlmon.dll
    + 2007-08-14 02:54 . 2011-02-22 23:06 5962240 c:\windows\system32\mshtml.dll
    + 2007-08-14 02:34 . 2011-02-22 23:06 1991680 c:\windows\system32\iertutil.dll
    + 2008-04-14 22:00 . 2011-03-03 13:21 1857920 c:\windows\system32\dllcache\win32k.sys
    + 2007-08-14 02:54 . 2011-02-22 23:06 1210880 c:\windows\system32\dllcache\urlmon.dll
    + 2007-08-14 02:54 . 2011-02-22 23:06 5962240 c:\windows\system32\dllcache\mshtml.dll
    + 2009-06-10 08:12 . 2011-02-22 23:06 1991680 c:\windows\system32\dllcache\iertutil.dll
    - 2009-06-10 08:12 . 2010-12-20 23:59 1991680 c:\windows\system32\dllcache\iertutil.dll
    + 2011-01-18 11:39 . 2011-01-18 11:39 5813072 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    + 2011-01-18 11:39 . 2011-01-18 11:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    - 2010-05-11 13:40 . 2010-05-11 13:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    + 2010-11-21 06:34 . 2010-11-21 06:34 1198080 c:\windows\Installer\11aaf76.msp
    + 2011-03-18 03:01 . 2011-03-18 03:01 9563648 c:\windows\Installer\11aaf68.msp
    + 2011-01-12 00:50 . 2011-01-12 00:50 8177152 c:\windows\Installer\11aaf5f.msp
    + 2010-11-21 06:33 . 2010-11-21 06:33 1980928 c:\windows\Installer\11aaf56.msp
    + 2011-04-30 10:07 . 2009-03-08 11:34 1206784 c:\windows\ie8updates\KB2497640-IE8\urlmon.dll
    + 2011-04-30 10:07 . 2009-03-08 11:41 5937152 c:\windows\ie8updates\KB2497640-IE8\mshtml.dll
    + 2011-04-30 10:07 . 2009-03-08 11:32 1985024 c:\windows\ie8updates\KB2497640-IE8\iertutil.dll
    + 2011-04-30 10:07 . 2011-04-30 10:07 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\76e431fde1b252312b331f7108259fda\WindowsBase.ni.dll
    + 2011-04-30 10:10 . 2011-04-30 10:10 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\9e022c95e79f2b6f383a501ad99f08a9\UIAutomationClientsideProviders.ni.dll
    + 2011-04-30 10:06 . 2011-04-30 10:06 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll
    + 2011-04-30 10:10 . 2011-04-30 10:10 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll
    + 2011-04-30 10:15 . 2011-04-30 10:15 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\6346221cecf631e5c0b754d842aad102\System.WorkflowServices.ni.dll
    + 2011-04-30 10:15 . 2011-04-30 10:15 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\1fbcd203ff8d77d561df8bf806417ab6\System.Workflow.Runtime.ni.dll
    + 2011-04-30 10:15 . 2011-04-30 10:15 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\efbaf3696c44fd7d4b3cd925e0437b36\System.Workflow.ComponentModel.ni.dll
    + 2011-04-30 10:15 . 2011-04-30 10:15 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\52a9bc5dd1fa497af7c7f4600bd8e6d1\System.Workflow.Activities.ni.dll
    + 2011-04-30 10:15 . 2011-04-30 10:15 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f5ebeeb0a8aaba9db15ec3df591339ba\System.Web.Services.ni.dll
    + 2011-04-30 10:15 . 2011-04-30 10:15 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\92d6b75e3b63b528d4069bf4ee01983a\System.Web.Mobile.ni.dll
    + 2011-04-30 10:15 . 2011-04-30 10:15 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\02d53154634c8000382942e0f43ead41\System.Web.Extensions.ni.dll
    + 2011-04-30 10:10 . 2011-04-30 10:10 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\dd128c8e21e7fa14c12b71df9892d046\System.Speech.ni.dll
    + 2011-04-30 10:14 . 2011-04-30 10:14 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8b0bb430bb6af96c18b43e3c54cfafe8\System.ServiceModel.Web.ni.dll
    + 2011-04-30 10:12 . 2011-04-30 10:12 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\85090bd451617e204ffda625b8d9fc30\System.Runtime.Serialization.ni.dll
    + 2011-04-30 10:10 . 2011-04-30 10:10 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\85a7a7aace114e78fc6c9b219bcd5551\System.Printing.ni.dll
    + 2011-04-30 10:12 . 2011-04-30 10:12 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\86c59378e9a43bf101a10ad452a4bb8e\System.IdentityModel.ni.dll
    + 2011-04-30 10:10 . 2011-04-30 10:10 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d912066086a59f09424c7c69f95e2c55\System.Drawing.ni.dll
    + 2011-04-30 10:14 . 2011-04-30 10:14 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c05d9332116964104c721e97f7ce1058\System.DirectoryServices.ni.dll
    + 2011-04-30 10:14 . 2011-04-30 10:14 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\0118c0c73ea5c77bda7b10b188102ab6\System.Deployment.ni.dll
    + 2011-04-30 10:09 . 2011-04-30 10:09 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\1337829e3df6888464a17aab78bb9b8f\System.Data.ni.dll
    + 2011-04-30 10:13 . 2011-04-30 10:13 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ba3ca7a93e227c32ce7b50d0a7ba935f\System.Data.SqlXml.ni.dll
    + 2011-04-30 10:14 . 2011-04-30 10:14 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\2de52be5da96059651b5bec800cb4605\System.Data.Services.ni.dll
    + 2011-04-30 10:09 . 2011-04-30 10:09 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\11f1306e0e311a0d0cbd139fb2fa4c36\System.Data.Linq.ni.dll
    + 2011-04-30 10:14 . 2011-04-30 10:14 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\c91e83e85c030bc914ecc302fa9b2c60\System.Data.Entity.ni.dll
    + 2011-04-30 10:09 . 2011-04-30 10:09 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\684fe21837d3cf3e5935bbd0a7f53141\System.Core.ni.dll
    + 2011-04-30 10:09 . 2011-04-30 10:09 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\12efddabe6fe35be21246c88ed9bf8ab\ReachFramework.ni.dll
    + 2011-04-30 10:09 . 2011-04-30 10:09 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\257c9327ba9cc5cd87f58de224aa2e0d\PresentationUI.ni.dll
    + 2011-04-30 10:07 . 2011-04-30 10:07 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b117bf63daa7e587f1bb2d975dccb4af\PresentationBuildTasks.ni.dll
    + 2011-04-30 10:13 . 2011-04-30 10:13 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\269103939243ec6929739c8b9a645c0d\Microsoft.VisualBasic.ni.dll
    + 2011-04-30 10:12 . 2011-04-30 10:12 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\bf7bd26d2828e35156814018939ce4f6\Microsoft.Transactions.Bridge.ni.dll
    + 2011-04-30 10:14 . 2011-04-30 10:14 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\6594c17d7e112b0507b701d5b8a67bba\Microsoft.JScript.ni.dll
    + 2011-04-30 10:13 . 2011-04-30 10:13 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\f5eb1e42ccd0f67f7496b94a31949cd0\Microsoft.Build.Tasks.ni.dll
    + 2011-04-30 10:13 . 2011-04-30 10:13 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\cc7f05675a5cd8014222be1483d6beaf\Microsoft.Build.Tasks.v3.5.ni.dll
    + 2011-04-30 10:12 . 2011-04-30 10:12 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\41cf95aa4ff5765b515d3252abc6353b\Microsoft.Build.Engine.ni.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2011-04-30 10:04 . 2011-04-30 10:04 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2011-04-30 10:04 . 2011-04-30 10:04 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2011-04-30 10:03 . 2011-04-30 10:03 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2011-04-30 10:03 . 2011-04-30 10:03 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2011-04-30 10:03 . 2011-04-30 10:03 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2011-04-30 10:04 . 2011-04-30 10:04 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2010-10-08 10:03 . 2010-10-08 10:03 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2011-04-30 10:04 . 2011-04-30 10:04 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2009-04-04 06:30 . 2011-04-30 10:05 42181064 c:\windows\system32\MRT.exe
    + 2007-08-14 02:54 . 2011-02-22 23:06 11080704 c:\windows\system32\ieframe.dll
    - 2009-06-10 08:12 . 2010-12-21 12:29 11080704 c:\windows\system32\dllcache\ieframe.dll
    + 2009-06-10 08:12 . 2011-02-22 23:06 11080704 c:\windows\system32\dllcache\ieframe.dll
    + 2011-04-30 10:07 . 2011-04-30 10:07 20314624 c:\windows\Installer\11aaf93.msp
    + 2011-02-12 03:47 . 2011-02-12 03:47 12028928 c:\windows\Installer\11aaf87.msp
    + 2011-04-30 10:07 . 2009-03-08 11:39 11063808 c:\windows\ie8updates\KB2497640-IE8\ieframe.dll
    + 2011-04-30 10:10 . 2011-04-30 10:10 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ed2bf0d86229128c194a872f70fe15ee\System.Windows.Forms.ni.dll
    + 2011-04-30 10:15 . 2011-04-30 10:15 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d7b7ee04166212533ae21eaeb584fb0d\System.Web.ni.dll
    + 2011-04-30 10:12 . 2011-04-30 10:12 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b5f24d96334ea08b99350421450d3ba4\System.ServiceModel.ni.dll
    + 2011-04-30 10:10 . 2011-04-30 10:10 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\5aeadb9ff9a86f49130de5976a9f1744\System.Design.ni.dll
    + 2011-04-30 10:09 . 2011-04-30 10:09 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1a5d89d569e2e12842daf4d87c57361a\PresentationFramework.ni.dll
    + 2011-04-30 10:08 . 2011-04-30 10:08 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\46c57d845e55232a89e98101075cd455\PresentationCore.ni.dll
    + 2011-04-30 10:05 . 2011-04-30 10:05 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-29 68856]
    "Starfield Updater"="c:\program files\Starfield\WorkspaceUpdate.exe" [2011-02-17 33984]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-25 2423752]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-25 8491008]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-25 81920]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
    2009-02-03 13:22 1004544 ----a-w- c:\program files\Ares\Ares.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
    2008-07-10 23:20 421888 ----a-w- c:\acer\Empowering Technology\eRecovery\eRAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    2007-01-09 06:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2008-02-25 05:29 1626112 ----a-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTIM.exe]
    2009-10-31 13:07 271688 ----a-w- c:\program files\WebEx\Productivity Tools\PTIM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTOneClick]
    2009-10-31 13:08 247112 ----a-w- c:\program files\WebEx\Productivity Tools\ptoneclk.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2007-03-15 05:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
    2008-06-14 02:11 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
    2008-09-25 02:33 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\Ares\\Ares.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3242:TCP"= 3242:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/28/2011 7:09 PM 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/28/2011 7:09 PM 307288]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/28/2011 7:09 PM 19544]
    R2 File Backup;File Backup Service;c:\program files\Starfield\offSyncService.exe [7/16/2010 1:47 PM 1215216]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2011 6:02 AM 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2011 6:02 AM 136176]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-03 13:00]
    .
    2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-03 13:00]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
    FF - ProfilePath - c:\documents and settings\Delbert Carr\Application Data\Mozilla\Firefox\Profiles\ehxjen98.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2566951&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    FF - user.js: yahoo.homepage.dontask - true
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-30 18:01
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2011-04-30 18:05:44
    ComboFix-quarantined-files.txt 2011-05-01 01:05
    ComboFix2.txt 2011-04-30 05:28
    .
    Pre-Run: 46,334,427,136 bytes free
    Post-Run: 46,355,738,624 bytes free
    .
    - - End Of File - - 7CC114C756614C6146ECD8762E1673B8
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Question please: You will have had to remove AVG to run Combofix and are now protected by Avast. Do you plan on putting AVG back on the system or keeping Avast instead?
     
  16. Dcarr

    Dcarr TS Rookie Topic Starter

    Actually, I am really happy with Avast so far! I will not be putting AVG back on.
    I have a question too. From the last log does my system look clean now? It is running 200% better that is for sure but my Windows Update still popped up on the task tray then disappeared before I could click to install the updates. HP Solution Center also pops up when I restart to tell me that I do not have the latest Adobe Flash player which I believe to be incorrect. These may just be settings that need to be fixed but let me know what you think. You are awesome and I am just amazed that you guys do this for free for people! I wish I knew more about helping people so I could give back a little!
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I'm glad to hear you're keeping Avast. I think that's a wise decision. I put the remaining AVG entries in the script, to be removed.

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    KillAll::
    File::
    Folder::
    C:\TDSSKiller_Quarantine
    c:\program files\Uniblue
    c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
    c:\windows\system32\drivers\AVG
    c:\documents and settings\Delbert Carr\Local Settings\Application Data\AVG Security Toolbar
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Ares\\Ares.exe"=-
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    You can uncheck all of the HP entries on the Startup menu>>>including the HP Digital Imaging.
    To remove entries from the Startup Menu using the msconfig utility:
    • Click on Start> Run> type in msconfig> enter>
    • Click on Selective Startup
    • Choose the Startup tab:
      All images courtesy NetSquirrel
    • To expand the Command Column, (this shows what the process 'belongs' to) hold left mouse button down on the dividing line on frame above Location and move to the right to expand.
    • Uncheck any processes that don't need to start on boot.
    • Click on Apply> OK when finished.
    NOTE:
    When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show this message again.' Remain in Selective Startup to retain those changes.

    The only processes that need to start on boot are the antivirus program, third party firewall if you have one, touchpad if on laptop and network processes if using third party software for network. Any other entries in this section can be Unchecked.

    This does not remove a process or program- it can still be accessed when needed through All Programs. And you can go back at a later time and reset the default programs if needed.
    ==========================================
    This starts by being able to help yourself- to learn how to troubleshoot instead of doing a reformat/reinstall. Hopefully you have learned how to do some of those things here. You build on that to gain your confidence> then you step out of the box to help others.
    ========================================
    Your system is clean. You can now remove all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin

    Let me know if you have any more questions.
     
  18. Dcarr

    Dcarr TS Rookie Topic Starter

    ComboFix 11-04-30.06 - Delbert Carr 05/01/2011 17:24:32.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.2308 [GMT -7:00]
    Running from: h:\virus suit\ComboFix.exe
    Command switches used :: c:\documents and settings\Delbert Carr\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
    c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar\cache\overlay.xml
    c:\documents and settings\All Users\Application Data\Yahoo!
    c:\documents and settings\All Users\Application Data\Yahoo!\yau\4413210E-3820-41FF-A5E2-B70C786A62CB.xml
    c:\documents and settings\All Users\Application Data\Yahoo!\yau\940C0094-01F7-47c6-BFE2-DC2A44D3D36F.xml
    c:\documents and settings\All Users\Application Data\Yahoo!\yau\CC47E3C3-9B25-4F68-AD4A-FA5F0183E6BC.xml
    c:\documents and settings\All Users\Application Data\Yahoo!\yau\toolbar_temp.xml
    c:\documents and settings\All Users\Application Data\Yahoo!\yau\yautoupdater_temp.xml
    c:\documents and settings\Delbert Carr\Application Data\Yahoo!
    c:\documents and settings\Delbert Carr\Application Data\Yahoo!\Companion\inq_data.inq
    c:\documents and settings\Delbert Carr\Application Data\Yahoo!\Companion\inq_settings.xml
    c:\documents and settings\Delbert Carr\Application Data\Yahoo!\Companion\resources.inq
    C:\TDSSKiller_Quarantine
    c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\mbr0000\object.ini
    c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\mbr0000\tsk0000.dta
    c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\mbr0000\tsk0000.ini
    c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\object.ini
    c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\object.ini
    c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0000.dta
    c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0000.ini
    c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0001.dta
    c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0001.ini
    c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0002.dta
    c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0002.ini
    c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0003.dta
    c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0003.ini
    c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0004.dta
    c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0004.ini
    c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0005.dta
    c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0005.ini
    c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0006.dta
    c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0006.ini
    c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0007.dta
    c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0007.ini
    c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0008.dta
    c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0008.ini
    c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0009.dta
    c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0009.ini
    c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0010.dta
    c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0010.ini
    c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0011.dta
    c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0011.ini
    c:\windows\system32\drivers\AVG
    c:\windows\system32\drivers\AVG\iavichjg.avm
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-02 to 2011-05-02 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-02 00:39 . 2011-05-02 00:39 -------- d--h--r- c:\documents and settings\All Users\Application Data\yahoo!
    2011-04-30 10:09 . 2011-04-30 10:09 -------- d-----w- c:\windows\ServicePackFiles
    2011-04-29 04:52 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-29 04:52 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-29 02:09 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-04-29 02:09 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-04-29 02:09 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-04-29 02:09 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-04-29 02:09 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-04-29 02:09 . 2011-04-18 17:16 102488 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-04-29 02:09 . 2011-04-18 17:16 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-04-29 02:09 . 2011-04-18 17:13 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-04-29 02:08 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
    2011-04-29 02:08 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-04-29 02:08 . 2011-04-29 02:08 -------- d-----w- c:\program files\AVAST Software
    2011-04-29 02:08 . 2011-04-29 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-04-26 13:31 . 2011-04-26 13:31 -------- d-----w- c:\documents and settings\Delbert Carr\Local Settings\Application Data\PackageAware
    2011-04-24 17:11 . 2011-04-24 17:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
    2011-04-24 14:17 . 2011-04-24 14:17 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-04-14 12:32 . 2011-04-24 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2011-04-14 12:11 . 2011-04-14 12:11 -------- d-----w- c:\documents and settings\Delbert Carr\Local Settings\Application Data\AVG Security Toolbar
    2011-04-14 02:26 . 2011-04-14 02:28 -------- dc-h--w- c:\windows\ie8
    2011-04-02 16:52 . 2011-04-02 16:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2011-04-02 14:03 . 2011-04-02 14:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-01 00:37 . 2010-06-20 14:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-01 00:37 . 2008-02-22 10:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-03-07 05:33 . 2008-04-14 22:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37 . 2008-04-14 22:00 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21 . 2008-04-14 22:00 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06 . 2007-08-14 02:54 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06 . 2007-08-14 02:45 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-02-22 23:06 . 2007-08-14 02:44 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 11:41 . 2008-04-14 22:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-17 13:18 . 2008-04-14 22:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-17 13:18 . 2008-04-14 22:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-17 12:32 . 2009-04-15 08:30 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56 . 2008-04-14 22:00 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-11 13:25 . 2008-04-14 22:00 229888 ----a-w- c:\windows\system32\fxscover.exe
    2011-02-09 13:53 . 2008-04-14 22:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2008-04-14 22:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33 . 2008-04-14 22:00 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33 . 2008-04-14 22:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2011-02-02 07:58 . 2008-04-14 22:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-18 17:53 . 2011-03-24 12:25 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2011-05-01_01.01.45 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-05-02 00:39 . 2011-05-02 00:39 16384 c:\windows\temp\Perflib_Perfdata_790.dat
    + 2008-10-29 01:34 . 2011-05-02 01:12 71732 c:\windows\system32\perfc009.dat
    - 2008-10-29 01:34 . 2011-05-01 00:32 71732 c:\windows\system32\perfc009.dat
    + 2008-10-29 01:34 . 2011-05-02 01:12 442466 c:\windows\system32\perfh009.dat
    - 2008-10-29 01:34 . 2011-05-01 00:32 442466 c:\windows\system32\perfh009.dat
    + 2011-05-01 15:21 . 2011-05-01 15:21 235168 c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
    + 2011-05-01 15:21 . 2011-05-01 15:21 311456 c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.dll
    + 2009-04-04 06:55 . 2011-05-02 01:00 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    - 2009-04-04 06:55 . 2011-04-30 00:59 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    + 2011-04-12 00:19 . 2011-04-12 00:19 2871968 c:\windows\Downloaded Program Files\CONFLICT.2\FP_AX_CAB_INSTALLER.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-29 68856]
    "Starfield Updater"="c:\program files\Starfield\WorkspaceUpdate.exe" [2011-02-17 33984]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-25 2423752]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-25 8491008]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-25 81920]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
    2009-02-03 13:22 1004544 ----a-w- c:\program files\Ares\Ares.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
    2008-07-10 23:20 421888 ----a-w- c:\acer\Empowering Technology\eRecovery\eRAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    2007-01-09 06:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2008-02-25 05:29 1626112 ----a-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTIM.exe]
    2009-10-31 13:07 271688 ----a-w- c:\program files\WebEx\Productivity Tools\PTIM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTOneClick]
    2009-10-31 13:08 247112 ----a-w- c:\program files\WebEx\Productivity Tools\ptoneclk.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2007-03-15 05:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
    2008-06-14 02:11 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
    2008-09-25 02:33 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\Ares\\Ares.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3242:TCP"= 3242:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/28/2011 7:09 PM 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/28/2011 7:09 PM 307288]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/28/2011 7:09 PM 19544]
    R2 File Backup;File Backup Service;c:\program files\Starfield\offSyncService.exe [7/16/2010 1:47 PM 1215216]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2011 6:02 AM 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2011 6:02 AM 136176]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-03 13:00]
    .
    2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-03 13:00]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
    FF - ProfilePath - c:\documents and settings\Delbert Carr\Application Data\Mozilla\Firefox\Profiles\ehxjen98.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2566951&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-ProcessQuickLink 2_is1 - c:\program files\Uniblue\ProcessQuickLink 2\unins000.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-01 18:11
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2280)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Raxco\PerfectDisk10\PDAgent.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\RTHDCPL.EXE
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2011-05-01 18:15:32 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-05-02 01:15
    ComboFix2.txt 2011-05-01 01:05
    ComboFix3.txt 2011-04-30 05:28
    .
    Pre-Run: 46,436,642,816 bytes free
    Post-Run: 46,466,031,616 bytes free
    .
    - - End Of File - - F6BCE2BE60C5FC35D0D5715F044F286A
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    If you have this program on the system, please remove it and download the current version below:

    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in Notepad. Be sure to click on Format > Uncheck Word Wrap when you open Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
    =========================================
    P2P or 'file sharing' Warning:
    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall Ares for the following reasons:
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
    • Malware writers use these programs to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.

    Please read the information on P2P Warning to help you better understand these dangers.

    I put Ares entries in the script for removal but you must be actively using it because the entries weren't removed. I recommend you go to Add/Remove Programs in the Control Panel and uninstall any Ares related entries. Then use Windows Explorer to go to My Computer> Double click on Local Drive(C)> Programs> find the Ares program folder and do a right click> Delete.
     
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Threads are closed after 5 days of inactivity. Please send me a PM if the problem continues.
     
Topic Status:
Not open for further replies.
