Google Searches being Hijacked

Post by val.w » March 14th, 2009, 12:57 pm

Hi, and thanks in advance for the help.

My partner's laptop seems to be infected with a trojan that causes Google searches to get hijacked. I have run Malwarebytes anti malware several times and each time it finds
'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} '
and
'C:\WINDOWS\ekg.xnp (Trojan.Daonol) -> Quarantined and deleted successfully.'

The following is the log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:26:30, on 14/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE
C:\Program Files\Common Files\AOL\1170885578\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0250Mon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\ION\EZ VHS Converter\MediaTVMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\common files\aol\1170885578\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1170885578\ee\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=374
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] "ICO.EXE"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Switcher.exe] "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [EPSON PictureMate] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE" /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1170885578\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [AVFX Engine] "C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe"
O4 - HKLM\..\Run: [V0250Mon.exe] "C:\WINDOWS\V0250Mon.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: EZ VHS Converter Monitor.lnk = C:\Program Files\ION\EZ VHS Converter\MediaTVMonitor.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/file ... _en_US.cab
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} (Auctiva Image Uploader Control) - http://www.auctiva.com/Aurigma/ImageUploader55.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13489 bytes

Again, many thanks in advance for your assistance. I've tried everything I know of and just can't shift this.

Thanks

Val

Re: Google Searches being Hijacked

Post by jpshortstuff » March 15th, 2009, 2:12 pm

Hi,

Please download DaonolFix from the link below and save it to your Desktop
Download Mirror #1
  • Double-click DaonolFix.exe to run it.
  • Select 1. Find Daonol (no fix) by typing 1 and pressing Enter.
  • You will see a lot of files being listed - don't worry, they are just being scanned.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called DaonolFix.txt).
Note: Do not worry if the tool crashes or doesn't work in any way - it is a work in progress.


Download ComboFix by sUBs from here or here

Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

Please navigate to the system tray on the bottom right hand corner and look for a Image sign.
  • click it -> click on the Image button.
  • a popup will warn that protection will now be disabled. Click on "Yes" to disable the Antivirus guard.

**Save it to your desktop**

Double click on ComboFix.exe & follow the prompts. If you are prompted to install the Recovery Console I recommend you go ahead and hit yes.
When finished, it shall produce a log for you. Please save that log to post in your next reply along with a fresh HJT log

Notes:
  1. Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
  4. ComboFix disconnects your machine from the internet when it runs. This connection should be automatically restored when ComboFix completes its run. If ComboFix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Thanks.

Re: Google Searches being Hijacked

Post by val.w » March 15th, 2009, 5:21 pm

Hi, and thanks for your help.

I have done as asked and the various logs are quoted below.

DaonolFix (13.03.09) by jpshortstuff
Log created at 18:39 on 15/03/2009 by jackie
Running from C:\Documents and Settings\jackie\Desktop\DaonolFix.exe

=====Find Daonol=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux"="C:\WINDOWS\system32\..\ekg.xnp"
"midi"="wdmaud.drv"
"midi1"="wdmaud.drv"
"midimapper"="midimap.dll"
"mixer"="wdmaud.drv"
"mixer1"="wdmaud.drv"
"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msaudio1"="msaud32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msg723"="msg723.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.trspch"="tssoft32.acm"
"MSVideo8"="VfWWDM32.dll"
"vidc.cvid"="iccvid.dll"
"VIDC.dvsd"="C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll"
"VIDC.I420"="msh263.drv"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iv41"="ir41_32.ax"
"vidc.iv50"="ir50_32.dll"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.M261"="msh261.drv"
"vidc.M263"="msh263.drv"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"VIDC.UYVY"="msyuv.dll"
"VIDC.YUY2"="msyuv.dll"
"VIDC.YVU9"="tsbyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"wave"="wdmaud.drv"
"wave1"="wdmaud.drv"
"wavemapper"="msacm32.drv"

-=Daonol Files=-
(none found)

-=End Of File=-


___________________________________________________________________________________________________


ComboFix 09-03-14.02 - jackie 2009-03-15 21:06:34.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1282 [GMT 0:00]
Running from: c:\documents and settings\jackie\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-02-15 to 2009-03-15 )))))))))))))))))))))))))))))))
.

2009-03-15 18:26 . 2009-03-15 18:26 <DIR> d-------- c:\documents and settings\jackie\DoctorWeb
2009-03-14 17:45 . 2009-03-14 17:45 <DIR> d-------- c:\documents and settings\jackie\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-03-14 17:44 . 2009-03-14 17:44 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-03-14 17:22 . 2009-03-14 18:41 <DIR> d-------- c:\program files\NOS
2009-03-14 17:22 . 2009-03-14 18:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2009-03-14 16:26 . 2009-03-14 16:26 <DIR> d-------- c:\program files\Trend Micro
2009-03-14 15:47 . 2009-03-14 15:47 <DIR> d-------- c:\program files\ESET
2009-03-14 14:01 . 2009-03-14 14:01 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-14 14:01 . 2009-03-14 14:01 <DIR> d-------- c:\documents and settings\jackie\Application Data\Malwarebytes
2009-03-14 14:01 . 2009-03-14 14:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-14 14:01 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-14 14:01 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-14 00:14 . 2009-03-14 00:14 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-03-14 00:05 . 2009-03-14 00:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2009-03-13 22:52 . 2009-03-13 22:52 <DIR> d-------- c:\program files\MSSOAP
2009-03-13 22:51 . 2009-03-13 22:51 164 --a------ c:\windows\install.dat
2009-02-23 13:12 . 2009-02-23 13:12 <DIR> d-------- c:\documents and settings\jackie\Application Data\Image Zone Express
2009-02-23 13:04 . 2008-12-19 12:56 105,291 --------- c:\windows\HPFins09.dat.temp
2009-02-23 13:04 . 2005-11-01 09:29 3,732 --------- c:\windows\hpfmdl09.dat.temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 20:02 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-15 20:02 --------- d-----w c:\program files\Sony
2009-03-15 18:50 --------- d-----w c:\program files\Common Files\Scanner
2009-03-14 18:29 --------- d-----w c:\program files\myphotobook
2009-03-14 18:29 --------- d-----w c:\documents and settings\jackie\Application Data\Skype
2009-03-14 18:15 --------- d-----w c:\documents and settings\jackie\Application Data\skypePM
2009-03-14 17:44 --------- d-----w c:\program files\Common Files\Adobe
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 14:24 93,336 ----a-w c:\windows\system32\drivers\epfwtdir.sys
2009-02-06 14:23 106,208 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-02-06 14:19 113,448 ----a-w c:\windows\system32\drivers\eamon.sys
2009-01-21 01:21 --------- d-----w c:\program files\Family Tree Maker 2005
2009-01-19 22:31 --------- d-----w c:\documents and settings\jackie\Application Data\FTW
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-03-15_18.53.02.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-09-06 21:13:34 88,776 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2009-03-15 19:50:48 91,488 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
- 2006-09-06 21:13:33 101,064 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
+ 2009-03-15 19:50:47 103,776 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
- 2005-01-01 05:42:35 64,088 ----a-w c:\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2009-03-15 19:49:51 66,936 ----a-w c:\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
- 2005-01-01 05:42:35 223,800 ----a-w c:\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2009-03-15 19:49:44 226,656 ----a-w c:\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2003-07-14 22:57:34 38,968 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL
+ 2003-07-14 22:53:06 94,768 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\AW.DLL
+ 2003-07-14 22:56:54 14,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DSITF.DLL
+ 2003-07-14 22:57:14 98,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DSSM.EXE
+ 2003-07-14 22:41:44 13,368 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FINDER.EXE
+ 2003-07-14 22:40:12 179,768 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
+ 2003-07-14 22:40:12 165,944 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPLACE.DLL
+ 2003-07-14 21:45:14 58,944 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\INLAUNCH.DLL
+ 2003-06-18 17:31:10 252,928 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
+ 2003-07-14 22:46:08 176,696 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MIMEDIR.DLL
+ 2003-07-14 22:51:44 87,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL
+ 2003-07-14 22:52:52 17,464 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSMH.DLL
+ 2003-07-14 22:57:16 120,888 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
+ 2003-07-14 22:52:52 27,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
+ 2003-07-14 22:44:06 25,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOEURO.DLL
+ 2003-07-14 22:52:56 55,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
+ 2003-07-11 02:15:48 1,292,872 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL
+ 2003-07-15 03:18:52 376,888 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL
+ 2003-07-14 22:52:54 28,224 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
+ 2003-07-14 22:52:52 35,896 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL
+ 2003-07-14 22:53:20 39,488 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSVFBR.DLL
+ 2003-07-14 22:46:16 42,040 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
+ 2003-07-14 22:45:12 55,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
+ 2003-07-14 22:45:12 39,488 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
+ 2003-06-18 17:31:50 16,384 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
+ 2003-06-19 16:05:50 364,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
+ 2003-07-14 22:52:58 41,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSSH.DLL
+ 2003-07-14 23:00:54 145,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
+ 2003-07-14 22:57:10 56,888 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\NAME.DLL
+ 2003-07-14 22:56:52 13,888 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
+ 2005-01-01 05:42:35 223,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL
+ 2003-07-15 03:14:26 242,240 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
+ 2003-07-14 23:05:24 1,054,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
+ 2003-07-14 22:44:34 102,968 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLCTL.DLL
+ 2003-07-14 22:43:16 49,208 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLWAB.DLL
+ 2003-07-15 03:18:44 93,752 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL
+ 2003-07-14 21:40:16 51,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PUBTRAP.DLL
+ 2003-05-08 21:54:00 77,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
+ 2003-07-14 22:57:08 40,512 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
+ 2003-07-21 11:46:38 390,712 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\RTFHTML.DLL
+ 2003-07-14 22:44:16 66,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SENDTO.DLL
+ 2003-07-14 22:57:08 58,944 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
+ 2003-07-14 22:53:14 11,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
+ 2005-01-01 05:42:35 64,088 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL
+ 2007-03-22 19:07:56 91,488 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL
+ 2007-03-22 19:07:54 80,224 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\DLGSETP.DLL
+ 2007-04-19 13:53:52 137,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ENVELOPE.DLL
+ 2007-05-31 13:41:06 10,352,472 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE
+ 2007-04-19 14:09:30 167,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
+ 2007-04-19 13:53:52 127,328 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL
+ 2007-04-19 13:54:04 183,136 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MIMEDIR.DLL
+ 2005-05-03 23:06:28 465,640 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSDMENG.DLL
+ 2005-05-03 23:06:32 1,411,816 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSDMINE.DLL
+ 2005-05-03 23:06:26 199,408 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSMDUN80.DLL
+ 2007-06-18 17:16:32 12,259,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSO.DLL
+ 2007-05-10 13:35:04 6,747,480 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSPUB.EXE
+ 2007-05-31 13:43:46 7,613,280 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLLIB.DLL
+ 2007-04-19 13:53:44 106,336 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL
+ 2007-05-31 13:42:14 200,032 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLOOK.EXE
+ 2007-04-19 13:53:56 149,856 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLPH.DLL
+ 2007-04-19 13:53:24 69,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLRPC.DLL
+ 2007-05-31 13:35:22 6,420,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE
+ 2007-05-31 13:35:46 133,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PRTF9.DLL
+ 2007-05-31 13:36:08 612,184 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PTXT9.DLL
+ 2007-05-10 13:34:48 562,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PUBCONV.DLL
+ 2007-03-22 19:07:10 41,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\RECALL.DLL
+ 2007-03-22 19:07:54 78,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\RM.DLL
+ 2007-03-22 19:22:02 103,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
+ 2007-05-09 17:19:48 2,585,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
+ 2007-05-31 13:37:40 12,310,368 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE
+ 2007-03-22 19:07:56 91,488 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL
+ 2007-04-19 14:10:18 45,920 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\AUTHZAX.DLL
+ 2007-03-22 19:29:56 99,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\AW.DLL
+ 2007-03-22 19:06:08 355,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\CDLMSO.DLL
+ 2007-04-19 13:55:16 53,088 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\DFUICOM.EXE
+ 2007-03-22 19:07:54 80,224 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\DLGSETP.DLL
+ 2007-03-22 19:23:32 19,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\DSITF.DLL
+ 2007-05-10 13:44:02 121,688 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\DSSM.EXE
+ 2007-03-22 19:29:28 43,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\DWDCW20.DLL
+ 2007-03-22 19:29:28 39,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\DWTRIG20.EXE
+ 2007-04-19 13:53:52 137,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\ENVELOPE.DLL
+ 2007-05-31 13:41:06 10,352,472 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE
+ 2007-03-22 19:06:34 17,248 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\FINDER.EXE
+ 2007-06-06 10:53:34 1,195,888 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\FM20.DLL
+ 2007-06-06 12:46:12 1,961,312 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\FPCUTL.DLL
+ 2007-04-19 14:15:26 192,344 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\FPDTC.DLL
+ 2007-04-19 13:47:40 186,208 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\FPERSON.DLL
+ 2007-04-19 13:47:40 171,872 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\FPLACE.DLL
+ 2007-05-31 13:50:10 1,168,736 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\FPSRVUTL.DLL
+ 2007-04-19 14:16:14 807,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\FPWEC.DLL
+ 2007-04-19 13:57:32 2,152,792 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\GRAPH.EXE
+ 2007-04-19 14:10:30 116,576 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\IEAWSDC.DLL
+ 2007-04-19 14:09:30 167,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
+ 2007-04-19 13:53:52 127,328 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL
+ 2007-04-09 13:24:04 758,664 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MDIGRAPH.DLL
+ 2007-04-09 13:23:58 231,816 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MDIINK.DLL
+ 2007-04-09 13:23:54 28,040 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MDIMON.DLL
+ 2007-04-09 13:23:54 28,552 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MDIPPR.DLL
+ 2007-04-09 13:23:58 46,472 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MDIUI.DLL
+ 2007-04-09 13:24:04 453,512 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MDIVWCTL.DLL
+ 2007-04-19 13:54:04 183,136 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MIMEDIR.DLL
+ 2007-04-19 14:01:52 238,424 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSCDM.DLL
+ 2007-05-10 14:35:40 120,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSCONV97.DLL
+ 2005-05-03 23:06:28 465,640 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSDMENG.DLL
+ 2005-05-03 23:06:32 1,411,816 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSDMINE.DLL
+ 2007-04-30 15:11:38 89,440 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSENCODE.DLL
+ 2005-05-03 23:06:26 199,408 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSMDUN80.DLL
+ 2007-03-22 19:29:16 20,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSMH.DLL
+ 2007-06-18 17:16:32 12,259,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSO.DLL
+ 2007-04-19 14:10:34 127,840 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSOAUTH.DLL
+ 2007-03-22 19:04:52 109,912 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSOCF.DLL
+ 2007-03-22 19:04:52 130,912 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSOCFU.DLL
+ 2007-03-22 19:29:22 31,072 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSODCW.DLL
+ 2007-04-19 13:56:58 29,024 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSOEURO.DLL
+ 2007-04-19 14:07:38 61,280 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSOHTMED.EXE
+ 2007-05-02 13:45:26 2,123,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSOLAP80.DLL
+ 2005-09-20 12:33:08 1,293,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSONSEXT.DLL
+ 2007-04-19 13:49:28 383,328 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSORUN.DLL
+ 2007-04-19 14:07:24 36,192 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSOSTYLE.DLL
+ 2007-03-22 19:29:24 39,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSOSV.DLL
+ 2007-04-19 14:07:32 45,408 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSOSVFBR.DLL
+ 2007-03-22 19:13:38 45,408 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSOXEV.DLL
+ 2007-03-22 19:13:38 58,720 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSOXMLED.EXE
+ 2007-04-19 13:57:40 46,432 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSOXMLMF.DLL
+ 2007-04-09 13:24:06 1,025,416 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSPCORE.DLL
+ 2007-04-09 13:23:52 25,992 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSPGIMME.DLL
+ 2007-04-09 13:24:00 367,496 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSPVIEW.EXE
+ 2007-03-22 19:29:32 44,888 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSSH.DLL
+ 2007-04-19 14:00:30 637,792 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSTORDB.EXE
+ 2007-04-19 14:00:22 130,912 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSTORE.EXE
+ 2007-04-19 14:00:30 489,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSTORES.DLL
+ 2007-04-19 14:09:02 157,024 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSWEBCAP.DLL
+ 2007-04-19 14:10:26 80,216 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\NAME.DLL
+ 2007-03-22 19:23:30 17,248 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\NPOFFICE.DLL
+ 2007-03-22 19:06:22 287,576 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OIS.EXE
+ 2007-04-19 13:50:52 837,472 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OISAPP.DLL
+ 2007-03-22 19:06:08 46,432 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OISCTRL.DLL
+ 2007-03-22 19:06:22 245,600 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OISGRAPH.DLL
+ 2007-04-19 14:09:46 1,061,720 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OMFC.DLL
+ 2007-04-19 13:52:16 30,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLACCT.DLL
+ 2007-04-19 13:53:48 109,408 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLCTL.DLL
+ 2007-05-31 13:43:46 7,613,280 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLLIB.DLL
+ 2007-04-19 13:53:44 106,336 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL
+ 2007-05-31 13:42:14 200,032 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLOOK.EXE
+ 2007-04-19 13:53:56 149,856 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLPH.DLL
+ 2007-04-19 13:53:24 69,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLRPC.DLL
+ 2007-03-22 19:07:28 52,576 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLWAB.DLL
+ 2007-05-10 13:45:34 8,069,464 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OWC11.DLL
+ 2007-05-31 13:35:22 6,420,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE
+ 2007-03-22 19:05:34 434,016 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\PP4X322.DLL
+ 2007-03-22 19:05:22 97,632 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
+ 2007-04-19 13:49:56 1,661,280 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\PPTVIEW.EXE
+ 2007-03-22 19:07:10 41,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\RECALL.DLL
+ 2007-06-06 12:07:40 100,192 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\REFEDIT.DLL
+ 2007-04-19 14:10:18 63,840 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\REFIEBAR.DLL
+ 2007-03-22 19:07:54 78,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\RM.DLL
+ 2007-03-22 19:09:02 394,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\RTFHTML.DLL
+ 2007-03-22 19:07:40 69,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\SENDTO.DLL
+ 2007-04-19 14:10:20 65,888 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\SEQCHK10.DLL
+ 2007-03-22 19:29:16 14,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\SMARTTAGINSTALL.EXE
+ 2007-05-10 13:42:52 2,839,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\STSLIST.DLL
+ 2007-03-22 19:22:02 103,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
+ 2007-05-09 17:19:48 2,585,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
+ 2007-05-31 13:37:40 12,310,368 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE
- 2006-09-06 21:23:10 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-03-15 20:33:36 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2006-09-06 21:23:10 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-03-15 20:33:36 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2006-09-06 21:23:10 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-03-15 20:33:36 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2006-09-06 21:23:10 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-03-15 20:33:35 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-09-06 21:23:10 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-03-15 20:33:36 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-09-06 21:23:10 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-03-15 20:33:36 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-09-06 21:23:10 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-03-15 20:33:36 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-09-06 21:23:10 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-03-15 20:33:36 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2006-09-06 21:23:10 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-03-15 20:33:35 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-09-06 21:23:10 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-03-15 20:33:35 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2006-09-06 21:23:10 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-03-15 20:33:36 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-09-06 21:23:10 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-03-15 20:33:35 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-09-06 21:23:10 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-03-15 20:33:35 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-10-20 16:10:26 12,288 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-03-15 20:34:56 12,288 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-10-20 16:10:26 135,168 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-03-15 20:34:56 135,168 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-10-20 16:10:26 11,264 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-03-15 20:34:57 11,264 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-10-20 16:10:26 27,136 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-03-15 20:34:57 27,136 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-10-20 16:10:26 4,096 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-03-15 20:34:57 4,096 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-10-20 16:10:26 794,624 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-03-15 20:34:57 794,624 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-10-20 16:10:26 249,856 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-03-15 20:34:56 249,856 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-10-20 16:10:27 23,040 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-03-15 20:34:57 23,040 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-10-20 16:10:26 286,720 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-03-15 20:34:56 286,720 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-10-20 16:10:26 409,600 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-03-15 20:34:56 409,600 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2005-03-17 13:39:58 1,146,320 ----a-w c:\windows\system32\FM20.DLL
+ 2007-06-06 10:53:34 1,195,888 ----a-w c:\windows\system32\FM20.DLL
- 2003-07-14 22:57:04 32,584 ----a-w c:\windows\system32\FM20ENU.DLL
+ 2007-03-22 19:17:04 35,440 ----a-w c:\windows\system32\FM20ENU.DLL
- 2009-03-12 09:22:35 237,552 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-15 20:02:23 237,552 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2004-03-22 14:17:06 24,816 ----a-w c:\windows\system32\mdimon.dll
+ 2007-04-09 13:23:54 28,040 ----a-w c:\windows\system32\mdimon.dll
+ 2008-10-16 14:07:48 208,744 ----a-w c:\windows\system32\muweb.dll
- 2004-03-22 14:17:04 765,680 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2007-04-09 13:24:04 758,664 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll
- 2004-03-22 14:17:10 42,224 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2007-04-09 13:23:58 46,472 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll
- 2004-03-22 14:17:04 765,680 ----a-w c:\windows\system32\spool\drivers\w32x86\mdigraph.dll
+ 2007-04-09 13:24:04 758,664 ----a-w c:\windows\system32\spool\drivers\w32x86\mdigraph.dll
- 2004-03-22 14:17:10 42,224 ----a-w c:\windows\system32\spool\drivers\w32x86\mdiui.dll
+ 2007-04-09 13:23:58 46,472 ----a-w c:\windows\system32\spool\drivers\w32x86\mdiui.dll
- 2004-03-22 14:17:08 25,840 ----a-w c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2007-04-09 13:23:54 28,552 ----a-w c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2009-03-15 20:54:21 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6b8.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-06 7557120]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-12-13 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 483328]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 71008]
"EPSON PictureMate"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE" [2003-10-10 99840]
"HostManager"="c:\program files\Common Files\AOL\1170885578\ee\AOLSoftware.exe" [2006-11-17 50736]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-06-25 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-11-02 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576]
"V0250Mon.exe"="c:\windows\V0250Mon.exe" [2006-06-07 32768]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"VAIO Update 4"="c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe" [2008-08-24 870240]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 c:\windows\system32\ico.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-09 113664]
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2006-11-02 156784]
EZ VHS Converter Monitor.lnk - c:\program files\ION\EZ VHS Converter\MediaTVMonitor.exe [2008-12-26 737280]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-09-24 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-09-23 14:24 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
"aux"= c:\windows\system32\..\ekg.xnp

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\1170885578\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-02-06 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-03-16 29184]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-03-16 808448]
R3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [2008-12-23 185504]
R3 V0250Vfx;V0250Vfx;c:\windows\system32\drivers\V0250Vfx.sys [2008-12-23 6272]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 TWINLOAD;TWINLOAD;c:\windows\system32\drivers\twinload.sys [2008-10-04 17536]
S3 TWINUSB;TwinHan - USB DVB-T adapter Driver;c:\windows\system32\drivers\twincap.sys [2008-10-04 15360]
S3 VCR2PC;VCR2PC Analog Capture;c:\windows\system32\drivers\0140_ION.sys [2008-12-26 18:40:24 277888]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ATWPKT2
*Deregistered* - ATWPKT2
*Deregistered* - DwShield00001388
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-15 21:09:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\VESWinlogon.dll
.
Completion time: 2009-03-15 21:10:26
ComboFix-quarantined-files.txt 2009-03-15 21:10:23
ComboFix2.txt 2009-03-15 18:53:53

Pre-Run: 16,762,843,136 bytes free
Post-Run: 16,832,004,096 bytes free

394 --- E O F --- 2009-03-15 01:10:51

___________________________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:16:36, on 15/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE
C:\Program Files\Common Files\AOL\1170885578\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0250Mon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ION\EZ VHS Converter\MediaTVMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\common files\aol\1170885578\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1170885578\ee\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=374
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] "ICO.EXE"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Switcher.exe] "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [EPSON PictureMate] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE" /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1170885578\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [AVFX Engine] "C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe"
O4 - HKLM\..\Run: [V0250Mon.exe] "C:\WINDOWS\V0250Mon.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VAIO Update 4] "C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe" /Stationary
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: EZ VHS Converter Monitor.lnk = C:\Program Files\ION\EZ VHS Converter\MediaTVMonitor.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/file ... _en_US.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7144867890
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 12989 bytes



Thanks

Val
val.w
Active Member
 
Posts: 2
Joined: March 14th, 2009, 12:46 pm

Re: Google Searches being Hijacked

Unread postby jpshortstuff » March 16th, 2009, 3:03 am

Hi,

Did you run ComboFix twice? Please post the contents of this log:
C:\QooBox\ComboFix2.txt

I need to see another log from HijackThis.
  • Run HijackThis.
  • Click on Open the Misc Tools section.
  • Next click on Open uninstall manager.
  • Press the Save list button.
  • Save the file to your desktop, with the default name of uninstall_list
  • Copy & Paste the entire contents of that file in your next post.
How are things running at the moment, still having problems?

Thanks.
jpshortstuff
WTT Malware Team
 
Posts: 973
Joined: May 1st, 2007, 12:56 pm

Re: Google Searches being Hijacked

Unread postby NonSuch » March 21st, 2009, 5:52 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California