
Redirect problems

This is a discussion on Redirect problems within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
Old 06-20-2010, 02:31 PM   #1
Registered Member
 
Join Date: Mar 2005
Posts: 25
OS: xp



Recently received some help on a different issue with Antispyware Soft taking over our PC. I have noticed that even though the problem we previously had seems to be resolved, now we are having an issue with selected web sites being redirected to false/bad pages. Many of the redirect pages are flagged as including some type of Trojan or malware attack on our PC.

I use Firefox as my search engine. You complete a search for a topic. When you click/select one of the search results instead of it taking you to the search listed it redirects to a different site location. As mentioned above, many set off an anti-virus warning.


I have Avast as my anti-virus protection. Using this to run a scan as well as HijackThis comes back with no apparent problems.



Any additional help would be appreciated. You guys do a great service. Thank you for the continued support.

Enclosed is the information requested from the 1st step instructions. Be well and Happy Father's Day.

Thank you - Brett


DDS.txt


DDS (Ver_10-03-17.01) - NTFSx86
Run by Brett at 13:57:41.54 on Sun 06/20/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.405 [GMT -7:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Alwil Software\Avast5\setup\avast.setup
C:\Documents and Settings\Brett\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB: {1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Version Cue CS2] c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
dRunOnce: [SWHelper] "c:\windows\system32\macromed\shockwave 10\PostUpdate.exe" 1011016
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
LSP: gsp.dll
Trusted Zone: amazon.com\www
Trusted Zone: melaleuca.com\www
Trusted Zone: melaluca.com\www
Trusted Zone: microsoft.com\mail
Trusted Zone: parentorganizer.com
Trusted Zone: yahoo.com\www
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brett\applic~1\mozilla\firefox\profiles\ho9x2gce.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - plugin: c:\documents and settings\brett\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\brett\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\windows\system32\dnaml\npdbplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-25 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-25 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-25 40384]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-3-7 3032360]
S2 gupdate1c98e317d177200;Google Update Service (gupdate1c98e317d177200);c:\program files\google\update\GoogleUpdate.exe [2009-2-13 133104]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-25 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-25 40384]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\bw2ndis5.sys --> c:\windows\system32\drivers\BW2NDIS5.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-3-7 15144]
S4 AutoSyncService;Memeo AutoSync ;c:\program files\memeo\autosync\MemeoService.exe [2007-7-6 31768]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-9-21 1251720]

=============== Created Last 30 ================

2010-06-08 01:07:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-25 11:30:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-05-23 16:18:14 356352 ----a-w- c:\windows\eSellerateEngine.dll

==================== Find3M ====================

2010-04-26 22:58:12 256512 ----a-w- c:\windows\PEV.exe
2008-01-03 02:01:25 2145543 ----a-w- c:\program files\psuite_bas.exe
2008-01-03 02:00:20 4712440 ----a-w- c:\program files\snsetup.exe
2006-04-21 02:20:04 2224128 ----a-r- c:\program files\SetupWizard.exe
2005-08-13 05:19:41 344 ----a-w- c:\program files\Norton AntiVirus_Key.txt
2005-03-16 05:19:28 4956 ----a-w- c:\program files\hijackthis4
2005-02-16 17:37:43 4810 ----a-w- c:\program files\hijackthis2
2005-01-20 00:30:45 4178 ----a-w- c:\program files\new hijack
2003-11-18 02:17:34 3262 ----a-r- c:\program files\SetupWIZ.ico
2003-06-30 19:24:08 1023755 ----a-w- c:\program files\BCLWebContent.mxp
2003-05-07 01:28:32 59383 ----a-w- c:\program files\WebContent.chm
2008-08-27 10:12:35 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082720080828\index.dat

============= FINISH: 14:00:35.28 ===============
Attached Files
File Type: zip Attach.zip.zip (5.1 KB, 18 views)
Brett Gowski is offline  
 
Old 06-20-2010, 09:46 PM   #2
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Hello Brett,

jimi was in the process of cleaning your system and you seemed to have abandoned the thread. Please do stay with me until given the all clear so we don't keep going in circles here. :)


Open Notepad and copy/paste the contents in the quote box below, into Notepad.

Quote:
@echo off
@mbr -t
@start mbr.log
Save this as look.bat. Choose "Save type as - All Files".

It should look like this:

Please post the log it produces.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 06-22-2010, 07:50 AM   #3
Registered Member
 
Join Date: Mar 2005
Posts: 25
OS: xp



Ried,

Thank you for the help. Sorry for the delayed response. Have been working 14 hour days the last couple weeks to meet a project deadline...


Here is the log info you requested.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, https://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x83A01EC5]<<
kernel: MBR read successfully
user & kernel MBR OK
Brett Gowski is offline  
 
Old 06-22-2010, 09:13 PM   #4
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



You're welcome. :)

We need to determine which driver has been hijacked. To do this, we'll need to utilize the Windows Recovery Console that was pre-installed when you ran ComboFix while jimi was assisting you.

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to the desktop of a nearby computer for reference as you will not have any browsers open while you are carrying out portions of these instructions.


Next, please download maxlook, saving the file to your desktop.
Double click maxlook.exe to run it. Note - you must run it only once!

Next, as instructed when the tool runs, restart the computer and log on to the Recovery Console:

1. Reboot your computer and as Windows starts it will present you with your startup options for exactly two seconds - you'll have to be quick - (which in your case will be Microsoft Windows XP Home Edition and Microsoft Windows Recovery Console)

2. With the arrow keys on your keyboard select the option listed as Microsoft Windows Recovery Console and press the enter key on your keyboard.

3. The Recovery Console will start and ask you which Windows installation you would like to log on to. If you have multiple Windows installations, it will list each one, and you would enter the number associated with the installation you would like to work on and press enter. If you have just one Windows installation, type 1 and press enter.

4. It will then prompt you for the Administrator's password. If there is no password, simply press enter. Otherwise type in the password and then press enter.

5. You should now be presented with a C:\Windows> prompt

At that prompt, type in the following bolded text:

batch look.bat


You will see 1 file copied many times then return to the C:\windows> prompt.

Type Exit and press Enter to restart your computer, then log on in normal mode.

Once back in Windows, go to Start > Run, and copy/paste the following then press Enter.

maxlook -sig

Follow the prompts, and post (or attach) the log produced, C:\looklog.txt
Ried is offline  
Old 06-27-2010, 10:32 AM   #5
Registered Member
 
Join Date: Mar 2005
Posts: 25
OS: xp



Ried,

Thank you for the continued patience. I have been working roughly 16-hour days the last few weeks trying to wrap up a project at work (crunch time.. you gotta love it). Thank you for the instructions. Listed below please find the info from the looklog.txt file you requested. Sorry for the delays coming from this side. Project at work completed so back to having a life again... Thanks - Brett

Code:
Run from C:\Documents and Settings\Lorrie  Gow\Desktop\maxlook.exe on Sun 06/27/2010 at 10:22:34.40

--------- maxlook unsigned files ---------

c:\windows\maxdrive\cdr4_2K.sys:
	Verified:	Unsigned
	File date:	12:24 PM 7/26/2004
	Publisher:	Roxio
	Description:	CDR4_2k CDR Helper
	Product:	Roxio's CD-R Helper Drivers
	Version:	2.5 (099)
	File version:	2.5 (099)
c:\windows\maxdrive\cdr4_xp.sys:
	Verified:	Unsigned
	File date:	7:42 PM 10/4/2006
	Publisher:	Sonic Solutions
	Description:	CDR4 CD and DVD Place Holder Driver (see PxHelp)
	Product:	Drag-to-Disc
	Version:	8.0.0.212 
	File version:	8.0.0.212 
c:\windows\maxdrive\cdralw2k.sys:
	Verified:	Unsigned
	File date:	7:42 PM 10/4/2006
	Publisher:	Sonic Solutions
	Description:	CDRAL Place Holder Driver (see PxHelp)
	Product:	Drag-to-Disc
	Version:	8.0.0.212 
	File version:	8.0.0.212 
c:\windows\maxdrive\cdudf_xp.sys:
	Verified:	Unsigned
	File date:	4:37 PM 9/4/2001
	Publisher:	Roxio
	Description:	CD-UDF NT Filesystem Driver
	Product:	DirectCD
	Version:	5.10 (105)
	File version:	5.10 (105) built by: WinDDK
c:\windows\maxdrive\DSXUSB.sys:
	Verified:	Unsigned
	File date:	9:39 PM 1/21/2002
	Publisher:	OLYMPUS OPTICAL CO.,LTD.
	Description:	DSXUSB Driver for Windows 2000
	Product:	DSXUSB Driver
	Version:	1.2
	File version:	1.20
c:\windows\maxdrive\Dvd_2k.sys:
	Verified:	Unsigned
	File date:	3:39 PM 9/4/2001
	Publisher:	Roxio
	Description:	DVD-RAM AddOn Driver
	Product:	DirectCD
	Version:	5.10 (105)
	File version:	5.10 (105)
c:\windows\maxdrive\imapiRox.sys:
	Verified:	Unsigned
	File date:	11:59 AM 8/20/2001
	Publisher:	Roxio Inc.
	Description:	Imapi Windows XP Kernel Driver
	Product:	Roxio's Imapi
	Version:	1.00 (1005)
	File version:	1.00 (1005)
c:\windows\maxdrive\Mmc_2k.sys:
	Verified:	Unsigned
	File date:	3:39 PM 9/4/2001
	Publisher:	Roxio
	Description:	CD-R/RW AddOn MMC Driver (W2K)
	Product:	DirectCD
	Version:	5.10 (105)
	File version:	5.10 (105)
c:\windows\maxdrive\pwd_2K.sys:
	Verified:	Unsigned
	File date:	3:39 PM 9/4/2001
	Publisher:	Roxio
	Description:	Win2000 Framework for Packet Write Driver
	Product:	DirectCD
	Version:	5.10 (105)
	File version:	5.10 (105)
c:\windows\maxdrive\pxhelp20.sys:
	Verified:	Unsigned
	File date:	2:53 PM 9/27/2006
	Publisher:	Sonic Solutions
	Description:	Px Engine Device Driver for Windows 2000/XP
	Product:	PxHelp20
	Version:	n/a
	File version:	3.00.41a
c:\windows\maxdrive\StMp3Rec.sys:
	Verified:	Unsigned
	File date:	9:32 PM 12/18/2004
	Publisher:	Generic
	Description:	Generic MP3 Player USB Driver
	Product:	Generic MP3 Player
	Version:	139, 0, 551, 1
	File version:	1, 551, 0, 139
c:\windows\maxdrive\udfreadr_xp.sys:
	Verified:	Unsigned
	File date:	10:43 AM 9/10/2001
	Publisher:	Roxio
	Description:	CD-UDF NT Filesystem Reader Driver
	Product:	DirectCD
	Version:	5.10 (113)
	File version:	5.10 (113) built by: WinDDK
c:\windows\maxdrive\usbaapl.sys:
	Verified:	Unsigned
	File date:	11:42 AM 6/5/2009
	Publisher:	Apple, Inc.
	Description:	Apple Mobile Device USB Driver
	Product:	Apple Mobile Device USB Driver
	Version:	1.43.0.0
	File version:	1, 43, 0, 0

--------- system32\drivers unsigned files ---------

c:\windows\system32\drivers\cdr4_2K.sys:
	Verified:	Unsigned
	File date:	12:24 PM 7/26/2004
	Publisher:	Roxio
	Description:	CDR4_2k CDR Helper
	Product:	Roxio's CD-R Helper Drivers
	Version:	2.5 (099)
	File version:	2.5 (099)
c:\windows\system32\drivers\cdr4_xp.sys:
	Verified:	Unsigned
	File date:	7:42 PM 10/4/2006
	Publisher:	Sonic Solutions
	Description:	CDR4 CD and DVD Place Holder Driver (see PxHelp)
	Product:	Drag-to-Disc
	Version:	8.0.0.212 
	File version:	8.0.0.212 
c:\windows\system32\drivers\cdralw2k.sys:
	Verified:	Unsigned
	File date:	7:42 PM 10/4/2006
	Publisher:	Sonic Solutions
	Description:	CDRAL Place Holder Driver (see PxHelp)
	Product:	Drag-to-Disc
	Version:	8.0.0.212 
	File version:	8.0.0.212 
c:\windows\system32\drivers\cdudf_xp.sys:
	Verified:	Unsigned
	File date:	4:37 PM 9/4/2001
	Publisher:	Roxio
	Description:	CD-UDF NT Filesystem Driver
	Product:	DirectCD
	Version:	5.10 (105)
	File version:	5.10 (105) built by: WinDDK
c:\windows\system32\drivers\DSXUSB.sys:
	Verified:	Unsigned
	File date:	9:39 PM 1/21/2002
	Publisher:	OLYMPUS OPTICAL CO.,LTD.
	Description:	DSXUSB Driver for Windows 2000
	Product:	DSXUSB Driver
	Version:	1.2
	File version:	1.20
c:\windows\system32\drivers\Dvd_2k.sys:
	Verified:	Unsigned
	File date:	3:39 PM 9/4/2001
	Publisher:	Roxio
	Description:	DVD-RAM AddOn Driver
	Product:	DirectCD
	Version:	5.10 (105)
	File version:	5.10 (105)
c:\windows\system32\drivers\imapiRox.sys:
	Verified:	Unsigned
	File date:	11:59 AM 8/20/2001
	Publisher:	Roxio Inc.
	Description:	Imapi Windows XP Kernel Driver
	Product:	Roxio's Imapi
	Version:	1.00 (1005)
	File version:	1.00 (1005)
c:\windows\system32\drivers\Mmc_2k.sys:
	Verified:	Unsigned
	File date:	3:39 PM 9/4/2001
	Publisher:	Roxio
	Description:	CD-R/RW AddOn MMC Driver (W2K)
	Product:	DirectCD
	Version:	5.10 (105)
	File version:	5.10 (105)
c:\windows\system32\drivers\pwd_2K.sys:
	Verified:	Unsigned
	File date:	3:39 PM 9/4/2001
	Publisher:	Roxio
	Description:	Win2000 Framework for Packet Write Driver
	Product:	DirectCD
	Version:	5.10 (105)
	File version:	5.10 (105)
c:\windows\system32\drivers\pxhelp20.sys:
	Verified:	Unsigned
	File date:	2:53 PM 9/27/2006
	Publisher:	Sonic Solutions
	Description:	Px Engine Device Driver for Windows 2000/XP
	Product:	PxHelp20
	Version:	n/a
	File version:	3.00.41a
c:\windows\system32\drivers\StMp3Rec.sys:
	Verified:	Unsigned
	File date:	9:32 PM 12/18/2004
	Publisher:	Generic
	Description:	Generic MP3 Player USB Driver
	Product:	Generic MP3 Player
	Version:	139, 0, 551, 1
	File version:	1, 551, 0, 139
c:\windows\system32\drivers\udfreadr_xp.sys:
	Verified:	Unsigned
	File date:	10:43 AM 9/10/2001
	Publisher:	Roxio
	Description:	CD-UDF NT Filesystem Reader Driver
	Product:	DirectCD
	Version:	5.10 (113)
	File version:	5.10 (113) built by: WinDDK
c:\windows\system32\drivers\usbaapl.sys:
	Verified:	Unsigned
	File date:	11:42 AM 6/5/2009
	Publisher:	Apple, Inc.
	Description:	Apple Mobile Device USB Driver
	Product:	Apple Mobile Device USB Driver
	Version:	1.43.0.0
	File version:	1, 43, 0, 0


imapi.sys has gone missing!
Brett Gowski is offline  
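As an added example (not part of this thread and not code from mbr.exe or maxlook), the Python helper below parses the two logs quoted above: the mbr.exe output from post #3, pulling out the >>UNKNOWN<< entry in the disk I/O call chain that the helper treated as the sign of a hijacked driver even though the MBR itself was reported clean, and the maxlook listing from post #5, comparing the copies taken from the Recovery Console (maxdrive) against the live system32\drivers set so that a driver that is unsigned on only one side, or carries a different version, stands out. The embedded log excerpts are constructed from the lines quoted in the thread (one entry is deliberately dropped from the second section to show a discrepancy), and the section names and field labels are assumed from that output.

```python
"""Added triage helpers for the two logs quoted in this thread (not code from
the thread or from mbr.exe/maxlook).  Sample logs below are constructed."""
import re
from collections import defaultdict

# Constructed from the mbr.exe output in post #3.
MBR_LOG = """\
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, https://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x83A01EC5]<<
kernel: MBR read successfully
user & kernel MBR OK
"""

# Constructed excerpt in the maxlook format from post #5; usbaapl.sys is
# deliberately left out of the second section to show a discrepancy report.
MAXLOOK_LOG = """\
--------- maxlook unsigned files ---------

c:\\windows\\maxdrive\\cdr4_2K.sys:
\tVerified:\tUnsigned
\tFile date:\t12:24 PM 7/26/2004
\tPublisher:\tRoxio
\tFile version:\t2.5 (099)
c:\\windows\\maxdrive\\usbaapl.sys:
\tVerified:\tUnsigned
\tFile date:\t11:42 AM 6/5/2009
\tPublisher:\tApple, Inc.
\tFile version:\t1, 43, 0, 0

--------- system32\\drivers unsigned files ---------

c:\\windows\\system32\\drivers\\cdr4_2K.sys:
\tVerified:\tUnsigned
\tFile date:\t12:24 PM 7/26/2004
\tPublisher:\tRoxio
\tFile version:\t2.5 (099)
"""

UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")


def mbr_findings(text):
    """Summarise mbr.exe output: whether user/kernel MBR reads agree, the
    disk I/O call chain, and any UNKNOWN code addresses found in it (the
    signal that something outside the listed drivers is handling disk I/O)."""
    result = {"mbr_ok": False, "call_chain": [], "unknown_modules": []}
    for line in text.splitlines():
        if line.strip() == "user & kernel MBR OK":
            result["mbr_ok"] = True
        elif line.startswith("called modules:"):
            chain = line.split(":", 1)[1]
            result["unknown_modules"] = UNKNOWN_RE.findall(chain)
            result["call_chain"] = UNKNOWN_RE.sub("", chain).split()
    return result


SECTION_RE = re.compile(r"^-+ (.+?) -+$")
ENTRY_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?):$")


def parse_maxlook(text):
    """Parse a maxlook listing into {section: {driver basename: {field: value}}}."""
    sections = defaultdict(dict)
    section = current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:                       # "--------- <section name> ---------"
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and section is not None:   # "c:\...\driver.sys:" starts an entry
            path = m.group("path")
            name = path.rsplit("\\", 1)[-1].lower()
            current = sections[section].setdefault(name, {"path": path})
            continue
        if current is not None and line.startswith("\t"):
            key, _, value = line.strip().partition(":")   # "\tField:\tvalue"
            current[key.strip()] = value.strip()
    return dict(sections)


def compare_sections(parsed, left, right):
    """Drivers unsigned on only one side, or unsigned on both but with a
    different file version: the candidates to look at for a hijacked driver."""
    a, b = parsed.get(left, {}), parsed.get(right, {})
    both = set(a) & set(b)
    return {
        "only_in_left": sorted(set(a) - set(b)),
        "only_in_right": sorted(set(b) - set(a)),
        "version_mismatch": sorted(
            n for n in both if a[n].get("File version") != b[n].get("File version")),
    }


if __name__ == "__main__":
    print(mbr_findings(MBR_LOG))
    parsed = parse_maxlook(MAXLOOK_LOG)
    print(compare_sections(parsed, "maxlook unsigned files",
                           "system32\\drivers unsigned files"))
```

On the log actually posted in this thread the two sections are identical, so the comparison reports nothing; the UNKNOWN entry from the mbr.exe output is the finding that carried the investigation forward.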
Old 06-27-2010, 04:47 PM   #6
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Hi Brett. Glad to hear things have eased up for you at work.

If you still have ComboFix.exe from the last fix, delete it and download the latest version from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.


__________________________



WINDOWS XP

It will require more than 1 round to clean the system. Please stay with me until given the 'all clear' even if symptoms seem to abate.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on combofix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Ried is offline  
Old 07-01-2010, 01:09 AM   #7
Registered Member
 
Join Date: Mar 2005
Posts: 25
OS: xp



Your well wishes regarding my work slowing down came a little early... The project/saga continues.

I ran the combo fix twice. It did not run me through the Microsoft Windows Recovery Console install. I believe this was done with the earlier fix you guys helped me with.

Here are the two combo fix text logs. I have also attached the file. Thanks for the help and sorry for the delayed response. Please let me know if you need anything else from me.

Be well - Brett


1st pass

ComboFix 10-06-30.03 - Brett 06/30/2010 23:47:01.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.505 [GMT -7:00]
Running from: C:\Documents and Settings\Brett\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\mfmm
C:\Program Files\Common Files\mfmm\mfmma.lck
C:\Program Files\Common Files\mfmm\mfmmd\class-barrel
C:\Program Files\Common Files\mfmm\mfmmd\vocabulary
C:\Program Files\Common Files\mfmm\mfmml.lck
C:\Program Files\Common Files\mfmm\mfmmm.lck
C:\Program Files\Common Files\mfmm\mfmmp.lck
C:\WINDOWS\look.bat

Infected copy of C:\WINDOWS\system32\drivers\imapi.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-06-01 to 2010-07-01 )))))))))))))))))))))))))))))))
.

2010-06-27 17:20:16 . 2010-06-07 23:16:54 220024 ----a-w- C:\WINDOWS\sigcheck.exe
2010-06-27 17:11:40 . 2010-06-27 17:21:04 -------- d-----w- C:\WINDOWS\maxdrive
2010-06-16 06:47:06 . 2010-06-16 06:47:06 -------- d-----w- C:\Documents and Settings\NetworkService\Application Data\FileOpen

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-01 06:45:31 . 2010-03-07 23:17:04 -------- d-----w- C:\Documents and Settings\Brett\Application Data\WTablet
2010-06-20 17:27:49 . 2010-03-08 00:49:48 -------- d-----w- C:\Documents and Settings\LocalService\Application Data\WTablet
2010-06-13 05:00:48 . 2004-12-11 05:16:33 -------- d-----w- C:\Documents and Settings\Brett\Application Data\Apple Computer
2010-06-09 0833 . 2010-06-09 0833 976832 ----a-w- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\30699\AdobeARM.exe
2010-06-09 0833 . 2010-06-09 0833 70584 ----a-w- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\30699\AdobeExtractFiles.dll
2010-06-09 0833 . 2010-06-09 0833 331176 ----a-w- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\30699\ReaderUpdater.exe
2010-06-09 0833 . 2010-06-09 0833 331176 ----a-w- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\30699\AcrobatUpdater.exe
2010-06-08 01:07:52 . 2010-06-08 01:07:52 664 ----a-w- C:\WINDOWS\system32\d3d9caps.dat
2010-06-06 20:45:13 . 2009-09-22 14:22:33 -------- d-----w- C:\Program Files\Microsoft Silverlight
2010-05-06 20:39:23 . 2010-05-25 11:31:42 46672 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2010-05-06 20:39:00 . 2010-05-25 11:31:45 164048 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
2010-05-06 20:34:27 . 2010-05-25 11:31:43 23376 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
2010-05-06 20:33:59 . 2010-05-25 11:31:39 100432 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
2010-05-06 20:33:55 . 2010-05-25 11:31:39 94800 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
2010-05-06 20:33:47 . 2010-05-25 11:31:45 19024 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010-05-06 20:33:29 . 2010-05-25 11:31:39 28880 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
2010-04-25 08:42:51 . 2010-04-25 08:42:51 73000 ----a-w- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-25 08:31:40 . 2010-04-25 08:31:40 79144 ----a-w- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-04-13 06:10:38 . 2009-11-16 16:49:07 143976 ----a-w- C:\Documents and Settings\Brett\Application Data\Move Networks\uninstall.exe
2010-04-13 06:10:36 . 2009-10-15 00:50:30 5642688 ----a-w- C:\Documents and Settings\Brett\Application Data\Move Networks\plugins\npqmp071701000002.dll
2010-04-13 06:10:32 . 2010-04-13 06:10:18 1794456 ----a-w- C:\Documents and Settings\Brett\Application Data\Move Networks\MoveMediaPlayerWin_071701000002.exe
2008-01-03 02:01:25 . 2008-01-03 02:01:25 2145543 ----a-w- C:\Program Files\psuite_bas.exe
2008-01-03 02:00:20 . 2008-01-03 02:00:20 4712440 ----a-w- C:\Program Files\snsetup.exe
2006-04-21 02:20:04 . 2006-04-21 02:20:04 2224128 ----a-r- C:\Program Files\SetupWizard.exe
2005-08-13 05:19:41 . 2005-08-13 05:19:40 344 ----a-w- C:\Program Files\Norton AntiVirus_Key.txt
2005-03-16 05:19:28 . 2005-03-16 05:19:28 4956 ----a-w- C:\Program Files\hijackthis4
2005-02-16 17:37:43 . 2005-02-16 17:37:43 4810 ----a-w- C:\Program Files\hijackthis2
2005-01-20 00:30:45 . 2005-01-20 00:30:45 4178 ----a-w- C:\Program Files\new hijack
2003-11-18 02:17:34 . 2003-11-18 02:17:34 3262 ----a-r- C:\Program Files\SetupWIZ.ico
2003-06-30 19:24:08 . 2007-01-25 02:18:19 1023755 ----a-w- C:\Program Files\BCLWebContent.mxp
2003-05-07 01:28:32 . 2007-01-25 02:18:19 59383 ----a-w- C:\Program Files\WebContent.chm
.

((((((((((((((((((((((((((((( [email protected]_16.29.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 07:02:00 . 2009-07-12 07:02:00 51008 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 07:02:00 . 2009-07-12 07:02:00 59728 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 07:02:00 . 2009-07-12 07:02:00 42832 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 07:02:00 . 2009-07-12 07:02:00 43344 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 07:02:00 . 2009-07-12 07:02:00 61264 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 07:02:00 . 2009-07-12 07:02:00 62800 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 07:02:00 . 2009-07-12 07:02:00 61760 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 07:02:00 . 2009-07-12 07:02:00 61776 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 07:02:00 . 2009-07-12 07:02:00 53568 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 07:02:00 . 2009-07-12 07:02:00 63296 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 07:02:00 . 2009-07-12 07:02:00 36688 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 07:02:00 . 2009-07-12 07:02:00 35648 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 07:05:16 . 2009-07-12 07:05:16 59904 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 07:05:16 . 2009-07-12 07:05:16 59904 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2010-07-01 06:45:21 . 2010-07-01 06:45:21 16384 C:\WINDOWS\Temp\Perflib_Perfdata_690.dat
+ 2007-01-29 08:58:06 . 2010-04-21 13:28:50 46080 C:\WINDOWS\system32\tzchange.exe
- 2007-01-29 08:58:06 . 2010-01-23 08:11:44 46080 C:\WINDOWS\system32\tzchange.exe
+ 2010-03-24 02:59:39 . 2009-05-26 09:01:12 17272 C:\WINDOWS\system32\spmsg.dll
- 2010-03-24 02:59:39 . 2009-05-26 11:40:52 17272 C:\WINDOWS\system32\spmsg.dll
+ 2010-06-10 23:14:09 . 2010-06-10 23:14:10 53248 C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
+ 2010-05-25 11:30:59 . 2010-05-06 20:59:57 38848 C:\WINDOWS\system32\avastSS.scr
+ 2006-09-29 03:00:34 . 2006-09-29 03:00:34 82944 C:\WINDOWS\maxdrive\WudfRd.sys
+ 2006-09-29 02:55:50 . 2006-09-29 02:55:50 77568 C:\WINDOWS\maxdrive\WudfPf.sys
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 12032 C:\WINDOWS\maxdrive\ws2ifsl.sys
+ 2004-05-27 10:50:32 . 2006-10-19 04:00:00 38528 C:\WINDOWS\maxdrive\wpdusb.sys
+ 2004-07-26 11:51:40 . 2008-04-13 19:17:18 83072 C:\WINDOWS\maxdrive\wdmaud.sys
+ 2004-08-04 05:29:45 . 2004-08-04 05:29:45 25471 C:\WINDOWS\maxdrive\watv10nt.sys
+ 2004-08-04 05:29:44 . 2004-08-04 05:29:44 22271 C:\WINDOWS\maxdrive\watv06nt.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:57:21 34560 C:\WINDOWS\maxdrive\wanarp.sys
+ 2004-08-04 05:29:40 . 2004-08-04 05:29:40 11935 C:\WINDOWS\maxdrive\wadv11nt.sys
+ 2004-08-04 05:29:40 . 2004-08-04 05:29:40 11871 C:\WINDOWS\maxdrive\wadv09nt.sys
+ 2004-08-04 05:29:39 . 2004-08-04 05:29:39 11295 C:\WINDOWS\maxdrive\wadv08nt.sys
+ 2004-08-04 05:29:38 . 2004-08-04 05:29:38 11807 C:\WINDOWS\maxdrive\wadv07nt.sys
+ 2010-03-07 23:16:17 . 2007-02-16 00:11:28 11440 C:\WINDOWS\maxdrive\WacomVKHid.sys
+ 2010-03-07 23:15:56 . 2008-01-15 20:11:46 13480 C:\WINDOWS\maxdrive\wacomvhid.sys
+ 2004-07-26 20:00:41 . 2008-04-13 18:43:55 14208 C:\WINDOWS\maxdrive\wacompen.sys
+ 2010-03-07 23:15:57 . 2007-02-16 19:12:36 11312 C:\WINDOWS\maxdrive\wacommousefilter.sys
+ 2010-03-07 23:15:50 . 2008-03-17 20:14:52 15144 C:\WINDOWS\maxdrive\wacmoumonitor.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:41:01 52352 C:\WINDOWS\maxdrive\volsnap.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:44:40 81664 C:\WINDOWS\maxdrive\videoprt.sys
+ 2004-08-04 06:07:42 . 2008-04-13 18:36:40 42240 C:\WINDOWS\maxdrive\viaagp.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:44:40 20992 C:\WINDOWS\maxdrive\vga.sys
+ 2001-08-17 14:02:14 . 2001-08-23 12:00:00 58112 C:\WINDOWS\maxdrive\vdmindvd.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:45:35 20608 C:\WINDOWS\maxdrive\usbuhci.sys
+ 2004-08-18 23:04:44 . 2008-04-13 18:45:38 26368 C:\WINDOWS\maxdrive\usbstor.sys
+ 2006-01-15 04:38:25 . 2008-04-13 18:45:34 15104 C:\WINDOWS\maxdrive\usbscan.sys
+ 2006-01-15 03:14:23 . 2008-04-13 18:47:37 25856 C:\WINDOWS\maxdrive\usbprint.sys
+ 2001-08-17 14:03:52 . 2008-04-13 18:45:43 15872 C:\WINDOWS\maxdrive\usbintel.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:45:37 59520 C:\WINDOWS\maxdrive\usbhub.sys
+ 2004-07-26 20:00:41 . 2008-04-13 18:45:35 30208 C:\WINDOWS\maxdrive\usbehci.sys
+ 2006-01-15 03:14:14 . 2008-04-13 18:45:39 32128 C:\WINDOWS\maxdrive\usbccgp.sys
+ 2001-08-17 14:03:44 . 2008-04-13 18:45:41 25728 C:\WINDOWS\maxdrive\usbcamd2.sys
+ 2001-08-17 14:03:42 . 2008-04-13 18:45:40 25600 C:\WINDOWS\maxdrive\usbcamd.sys
+ 2006-12-14 07:10:26 . 2008-04-13 18:45:12 60032 C:\WINDOWS\maxdrive\usbaudio.sys
+ 2007-09-15 03:31:19 . 2009-06-05 18:42:38 39424 C:\WINDOWS\maxdrive\usbaapl.sys
+ 2004-08-04 06:04:33 . 2008-04-13 18:56:49 12800 C:\WINDOWS\maxdrive\usb8023x.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:56:49 12800 C:\WINDOWS\maxdrive\usb8023.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:32:36 66048 C:\WINDOWS\maxdrive\udfs.sys
+ 2004-08-04 06:07:43 . 2008-04-13 18:36:40 44672 C:\WINDOWS\maxdrive\uagp35.sys
+ 2004-07-26 20:01:20 . 2008-04-13 18:56:01 12288 C:\WINDOWS\maxdrive\tunmp.sys
+ 2001-08-17 1422 . 2001-08-23 12:00:00 21376 C:\WINDOWS\maxdrive\tsbvcap.sys
+ 2001-08-17 14:01:34 . 2001-08-23 12:00:00 51712 C:\WINDOWS\maxdrive\tosdvd.sys
+ 2004-07-26 19:16:47 . 2008-04-14 00:13:20 40840 C:\WINDOWS\maxdrive\termdd.sys
+ 2004-07-26 19:17:07 . 2008-04-14 00:13:21 21896 C:\WINDOWS\maxdrive\tdtcp.sys
+ 2004-07-26 19:17:07 . 2008-04-14 00:13:20 12040 C:\WINDOWS\maxdrive\tdpipe.sys
+ 2001-08-23 12:00:00 . 2008-04-13 19:00:05 19072 C:\WINDOWS\maxdrive\tdi.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:40:50 14976 C:\WINDOWS\maxdrive\tape.sys
+ 2004-07-26 11:51:38 . 2008-04-13 19:15:55 60800 C:\WINDOWS\maxdrive\sysaudio.sys
+ 2006-09-22 06:14:35 . 2006-09-22 06:14:35 10344 C:\WINDOWS\maxdrive\symlcbrd.sys
+ 2004-07-26 11:51:46 . 2008-04-13 18:45:09 56576 C:\WINDOWS\maxdrive\swmidi.sys
+ 2001-08-17 14:01:22 . 2008-04-13 18:45:15 49408 C:\WINDOWS\maxdrive\stream.sys
+ 2005-09-25 03:10:39 . 2004-12-19 04:32:32 38229 C:\WINDOWS\maxdrive\StMp3Rec.sys
+ 2004-07-26 19:18:54 . 2008-04-13 18:36:52 73472 C:\WINDOWS\maxdrive\sr.sys
+ 2001-08-17 1422 . 2008-04-13 18:46:07 25344 C:\WINDOWS\maxdrive\sonydcam.sys
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 14592 C:\WINDOWS\maxdrive\smclib.sys
+ 2004-08-04 05:41:45 . 2004-08-04 05:41:45 13240 C:\WINDOWS\maxdrive\slwdmsup.sys
+ 2004-08-04 05:41:44 . 2004-08-04 05:41:44 95424 C:\WINDOWS\maxdrive\slnthal.sys
+ 2004-08-04 06:07:42 . 2008-04-13 18:36:39 40960 C:\WINDOWS\maxdrive\sisagp.sys
+ 2006-09-13 04:59:21 . 2004-01-28 22:03:26 21456 C:\WINDOWS\maxdrive\SilvrLnk.sys
+ 2004-07-26 11:50:38 . 2001-08-17 12:19:34 36480 C:\WINDOWS\maxdrive\sfmanm.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:40:48 11392 C:\WINDOWS\maxdrive\sfloppy.sys
+ 2004-08-04 05:59:54 . 2008-04-13 18:40:47 11008 C:\WINDOWS\maxdrive\sffp_sd.sys
+ 2008-08-22 23:39:19 . 2008-04-13 18:40:48 10240 C:\WINDOWS\maxdrive\sffp_mmc.sys
+ 2004-08-04 05:59:54 . 2008-04-13 18:40:47 11904 C:\WINDOWS\maxdrive\sffdisk.sys
+ 2001-08-23 12:00:00 . 2008-04-13 19:15:45 64512 C:\WINDOWS\maxdrive\serial.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:40:12 15744 C:\WINDOWS\maxdrive\serenum.sys
+ 2001-08-23 12:00:00 . 2007-11-13 10:25:53 20480 C:\WINDOWS\maxdrive\secdrv.sys
+ 2004-08-04 06:07:47 . 2008-04-13 18:36:44 79232 C:\WINDOWS\maxdrive\sdbus.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:40:30 96384 C:\WINDOWS\maxdrive\scsiport.sys
+ 2004-08-04 06:04:31 . 2008-04-13 18:56:49 30592 C:\WINDOWS\maxdrive\rndismpx.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:56:49 30592 C:\WINDOWS\maxdrive\rndismp.sys
+ 2001-08-17 13:24:46 . 2001-08-23 12:00:00 12032 C:\WINDOWS\maxdrive\riodrv.sys
+ 2001-08-17 13:24:46 . 2001-08-23 12:00:00 12032 C:\WINDOWS\maxdrive\rio8drv.sys
+ 2004-08-04 06:10:39 . 2008-04-13 18:46:32 59136 C:\WINDOWS\maxdrive\rfcomm.sys
+ 2004-07-26 11:51:12 . 2008-04-13 18:40:27 57600 C:\WINDOWS\maxdrive\redbook.sys
+ 2004-08-04 05:41:39 . 2004-08-04 05:41:39 13776 C:\WINDOWS\maxdrive\recagent.sys
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 34432 C:\WINDOWS\maxdrive\rawwan.sys
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 16512 C:\WINDOWS\maxdrive\raspti.sys
+ 2001-08-23 12:00:00 . 2008-04-13 19:19:48 48384 C:\WINDOWS\maxdrive\raspptp.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:57:32 41472 C:\WINDOWS\maxdrive\raspppoe.sys
+ 2001-08-23 12:00:00 . 2008-04-13 19:19:43 51328 C:\WINDOWS\maxdrive\rasl2tp.sys
+ 2006-09-27 21:53:22 . 2006-09-27 21:53:22 36560 C:\WINDOWS\maxdrive\pxhelp20.sys
+ 2001-09-04 22:39:28 . 2001-09-04 22:39:28 78454 C:\WINDOWS\maxdrive\pwd_2K.sys
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 17792 C:\WINDOWS\maxdrive\ptilink.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:56:38 69120 C:\WINDOWS\maxdrive\psched.sys
+ 2001-08-17 13:48:34 . 2008-04-13 18:31:30 35840 C:\WINDOWS\maxdrive\processr.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:40:29 24960 C:\WINDOWS\maxdrive\pciidex.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:36:44 68224 C:\WINDOWS\maxdrive\pci.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:40:49 19712 C:\WINDOWS\maxdrive\partmgr.sys
+ 2001-08-17 13:50:12 . 2008-04-13 18:40:10 80128 C:\WINDOWS\maxdrive\parport.sys
+ 2001-08-17 13:48:36 . 2008-04-13 18:31:31 42752 C:\WINDOWS\maxdrive\p3.sys
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 55936 C:\WINDOWS\maxdrive\nwlnkspx.sys
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 63232 C:\WINDOWS\maxdrive\nwlnknb.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:56:06 88320 C:\WINDOWS\maxdrive\nwlnkipx.sys
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 32512 C:\WINDOWS\maxdrive\nwlnkfwd.sys
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 12416 C:\WINDOWS\maxdrive\nwlnkflt.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:32:39 30848 C:\WINDOWS\maxdrive\npfs.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:53:09 40320 C:\WINDOWS\maxdrive\nmnt.sys
+ 2001-08-17 13:24:44 . 2001-08-23 12:00:00 12032 C:\WINDOWS\maxdrive\nikedrv.sys
+ 2001-08-17 13:46:38 . 2008-04-13 18:51:25 61824 C:\WINDOWS\maxdrive\nic1394.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:56:02 34688 C:\WINDOWS\maxdrive\netbios.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:57:29 40576 C:\WINDOWS\maxdrive\ndproxy.sys
+ 2001-08-23 12:00:00 . 2008-04-13 19:20:42 91520 C:\WINDOWS\maxdrive\ndiswan.sys
+ 2001-08-17 13:53:56 . 2008-04-13 18:55:58 14592 C:\WINDOWS\maxdrive\ndisuio.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:57:27 10112 C:\WINDOWS\maxdrive\ndistapi.sys
+ 2004-07-26 20:00:38 . 2008-04-13 18:43:55 12672 C:\WINDOWS\maxdrive\mutohpen.sys
+ 2004-08-04 06:07:47 . 2008-04-13 18:36:46 15488 C:\WINDOWS\maxdrive\mssmbios.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:56:32 35072 C:\WINDOWS\maxdrive\msgpc.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:32:39 19072 C:\WINDOWS\maxdrive\msfs.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:39:46 42368 C:\WINDOWS\maxdrive\mountmgr.sys
+ 2010-03-07 23:12:45 . 2001-08-17 21:48:00 12160 C:\WINDOWS\maxdrive\mouhid.sys
+ 2001-08-17 13:47:58 . 2008-04-13 19:39:48 23040 C:\WINDOWS\maxdrive\mouclass.sys
+ 2004-07-26 11:51:22 . 2001-08-17 13:57:38 16128 C:\WINDOWS\maxdrive\MODEMCSA.sys
+ 2001-08-17 13:57:38 . 2008-04-13 19:00:19 30080 C:\WINDOWS\maxdrive\modem.sys
+ 2001-09-04 22:39:40 . 2001-09-04 22:39:40 19702 C:\WINDOWS\maxdrive\Mmc_2k.sys
+ 2001-08-17 13:58:02 . 2008-04-13 18:36:41 63744 C:\WINDOWS\maxdrive\mf.sys
+ 2004-08-04 05:41:55 . 2004-08-04 05:41:55 11868 C:\WINDOWS\maxdrive\mdmxsdk.sys
+ 2001-08-23 12:00:00 . 2009-06-24 11:18:41 92928 C:\WINDOWS\maxdrive\ksecdd.sys
+ 2006-11-13 02:31:08 . 2008-04-13 18:39:48 14592 C:\WINDOWS\maxdrive\kbdhid.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:39:47 24576 C:\WINDOWS\maxdrive\kbdclass.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:36:41 37248 C:\WINDOWS\maxdrive\isapnp.sys
+ 2004-07-26 11:49:05 . 2008-04-13 18:54:28 11264 C:\WINDOWS\maxdrive\irenum.sys
+ 2001-08-23 12:00:00 . 2008-04-13 19:19:42 75264 C:\WINDOWS\maxdrive\ipsec.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:57:07 20864 C:\WINDOWS\maxdrive\ipinip.sys
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 32896 C:\WINDOWS\maxdrive\ipfltdrv.sys
+ 2004-08-04 06:00:06 . 2008-04-13 18:53:34 36608 C:\WINDOWS\maxdrive\ip6fw.sys
+ 2004-08-04 05:59:19 . 2008-04-13 18:31:32 36352 C:\WINDOWS\maxdrive\intelppm.sys
+ 2001-08-20 18:59:38 . 2001-08-20 18:59:38 25472 C:\WINDOWS\maxdrive\imapiRox.sys
+ 2001-08-23 12:00:00 . 2008-04-13 19:18:00 52480 C:\WINDOWS\maxdrive\i8042prt.sys
+ 2006-01-15 04:38:51 . 2005-03-08 04:52:28 21744 C:\WINDOWS\maxdrive\HPZius12.sys
+ 2006-01-15 04:39:59 . 2005-03-08 04:52:27 16496 C:\WINDOWS\maxdrive\HPZipr12.sys
+ 2006-01-15 04:39:51 . 2005-03-08 04:52:26 51120 C:\WINDOWS\maxdrive\HPZid412.sys
+ 2006-05-05 21:55:59 . 2008-04-13 18:45:27 10368 C:\WINDOWS\maxdrive\hidusb.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:45:22 24960 C:\WINDOWS\maxdrive\hidparse.sys
+ 2004-07-26 20:00:35 . 2008-04-13 18:45:26 19200 C:\WINDOWS\maxdrive\hidir.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:45:26 36864 C:\WINDOWS\maxdrive\hidclass.sys
+ 2004-08-04 06:10:36 . 2008-04-13 18:46:30 25600 C:\WINDOWS\maxdrive\hidbth.sys
+ 2008-01-29 19:01:28 . 2009-05-18 21:17:00 26600 C:\WINDOWS\maxdrive\GEARAspiWDM.sys
+ 2004-07-26 11:50:56 . 2008-04-13 18:45:29 10624 C:\WINDOWS\maxdrive\gameenum.sys
+ 2004-08-04 06:07:43 . 2008-04-13 18:36:40 46464 C:\WINDOWS\maxdrive\gagp30kx.sys
+ 2001-08-17 13:57:26 . 2001-08-23 12:00:00 12160 C:\WINDOWS\maxdrive\fsvga.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:40:25 20480 C:\WINDOWS\maxdrive\flpydisk.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:33:28 44544 C:\WINDOWS\maxdrive\fips.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:40:25 27392 C:\WINDOWS\maxdrive\fdc.sys
+ 2001-08-27 21:29:26 . 2001-08-27 21:29:26 50528 C:\WINDOWS\maxdrive\EUSBMSD.SYS
+ 2001-08-23 12:00:00 . 2008-04-13 18:38:29 71168 C:\WINDOWS\maxdrive\dxg.sys
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 10496 C:\WINDOWS\maxdrive\dxapi.sys
+ 2001-09-04 22:39:50 . 2001-09-04 22:39:50 17990 C:\WINDOWS\maxdrive\Dvd_2k.sys
+ 2007-01-16 22:55:35 . 2002-01-22 04:39:54 39635 C:\WINDOWS\maxdrive\DSXUSB.sys
+ 2004-07-26 11:50:38 . 2008-04-13 18:45:14 60160 C:\WINDOWS\maxdrive\drmk.sys
+ 2004-08-17 04:41:12 . 2001-08-17 20:47:32 12928 C:\WINDOWS\maxdrive\Dot4Prt.sys
+ 2004-07-26 11:51:43 . 2008-04-13 18:45:01 52864 C:\WINDOWS\maxdrive\dmusic.sys
+ 2004-07-26 11:50:49 . 2001-08-17 12:11:42 29696 C:\WINDOWS\maxdrive\DM9PCI5.SYS
+ 2001-08-23 12:00:00 . 2008-04-13 18:40:44 14208 C:\WINDOWS\maxdrive\diskdump.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:40:47 36352 C:\WINDOWS\maxdrive\disk.sys
+ 2001-08-17 13:48:40 . 2008-04-13 18:31:32 36736 C:\WINDOWS\maxdrive\crusoe.sys
+ 2001-08-17 13:24:38 . 2001-08-23 12:00:00 11776 C:\WINDOWS\maxdrive\cpqdap01.sys
+ 2001-08-23 12:00:00 . 2008-04-13 19:16:22 49536 C:\WINDOWS\maxdrive\classpnp.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:40:46 62976 C:\WINDOWS\maxdrive\cdrom.sys
+ 2004-07-26 19:24:29 . 2004-07-26 19:24:29 53072 C:\WINDOWS\maxdrive\cdr4_2K.sys
+ 2001-08-23 12:00:00 . 2008-04-13 19:14:21 63744 C:\WINDOWS\maxdrive\cdfs.sys
+ 2001-08-17 13:52:30 . 2001-08-23 12:00:00 18688 C:\WINDOWS\maxdrive\cdaudio.sys
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 13952 C:\WINDOWS\maxdrive\cbidf2k.sys
+ 2004-08-04 06:10:34 . 2008-04-13 18:46:29 18944 C:\WINDOWS\maxdrive\bthusb.sys
+ 2004-08-04 06:10:37 . 2008-04-13 18:46:31 36480 C:\WINDOWS\maxdrive\bthprint.sys
+ 2004-08-04 06:10:38 . 2008-04-13 18:46:33 37888 C:\WINDOWS\maxdrive\bthmodem.sys
+ 2004-08-04 06:10:38 . 2008-04-13 18:46:33 17024 C:\WINDOWS\maxdrive\bthenum.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:53:23 71552 C:\WINDOWS\maxdrive\bridge.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:51:30 55808 C:\WINDOWS\maxdrive\atmlane.sys
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 31360 C:\WINDOWS\maxdrive\atmepvc.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:51:25 59904 C:\WINDOWS\maxdrive\atmarpc.sys
+ 2004-07-26 20:00:34 . 2004-08-04 05:29:31 63488 C:\WINDOWS\maxdrive\atinxsxx.sys
+ 2004-07-26 20:00:34 . 2004-08-04 05:29:31 31744 C:\WINDOWS\maxdrive\atinxbxx.sys
+ 2004-07-26 20:00:34 . 2004-08-04 05:29:31 73216 C:\WINDOWS\maxdrive\atintuxx.sys
+ 2004-07-26 20:00:34 . 2004-08-04 05:29:30 13824 C:\WINDOWS\maxdrive\atinttxx.sys
+ 2004-07-26 20:00:34 . 2004-08-04 05:29:30 28672 C:\WINDOWS\maxdrive\atinsnxx.sys
+ 2004-07-26 20:00:33 . 2004-08-04 05:29:29 52224 C:\WINDOWS\maxdrive\atinraxx.sys
+ 2004-07-26 20:00:33 . 2004-08-04 05:29:29 14336 C:\WINDOWS\maxdrive\atinpdxx.sys
+ 2004-07-26 20:00:33 . 2004-08-04 05:29:28 13824 C:\WINDOWS\maxdrive\atinmdxx.sys
+ 2004-07-26 20:00:33 . 2004-08-04 05:29:27 57856 C:\WINDOWS\maxdrive\atinbtxx.sys
+ 2004-08-04 05:29:31 . 2004-08-04 05:29:31 34735 C:\WINDOWS\maxdrive\ati1xsxx.sys
+ 2004-08-04 05:29:31 . 2004-08-04 05:29:31 29455 C:\WINDOWS\maxdrive\ati1xbxx.sys
+ 2004-08-04 05:29:31 . 2004-08-04 05:29:31 36463 C:\WINDOWS\maxdrive\ati1tuxx.sys
+ 2004-08-04 05:29:31 . 2004-08-04 05:29:31 21343 C:\WINDOWS\maxdrive\ati1ttxx.sys
+ 2004-08-04 05:29:31 . 2004-08-04 05:29:31 26367 C:\WINDOWS\maxdrive\ati1snxx.sys
+ 2004-08-04 05:29:30 . 2004-08-04 05:29:30 63663 C:\WINDOWS\maxdrive\ati1rvxx.sys
+ 2004-08-04 05:29:30 . 2004-08-04 05:29:30 30671 C:\WINDOWS\maxdrive\ati1raxx.sys
+ 2004-08-04 05:29:29 . 2004-08-04 05:29:29 12047 C:\WINDOWS\maxdrive\ati1pdxx.sys
+ 2004-08-04 05:29:29 . 2004-08-04 05:29:29 11615 C:\WINDOWS\maxdrive\ati1mdxx.sys
+ 2004-08-04 05:29:29 . 2004-08-04 05:29:29 56623 C:\WINDOWS\maxdrive\ati1btxx.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:40:30 96512 C:\WINDOWS\maxdrive\atapi.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:57:27 14336 C:\WINDOWS\maxdrive\asyncmac.sys
+ 2010-05-25 11:31:42 . 2010-05-06 20:39:23 46672 C:\WINDOWS\maxdrive\aswTdi.sys
+ 2010-05-25 11:31:43 . 2010-05-06 20:34:27 23376 C:\WINDOWS\maxdrive\aswRdr.sys
+ 2010-05-25 11:31:39 . 2010-05-06 20:33:55 94800 C:\WINDOWS\maxdrive\aswmon.sys
+ 2010-05-25 11:31:45 . 2010-05-06 20:33:47 19024 C:\WINDOWS\maxdrive\aswFsBlk.sys
+ 2001-08-17 13:46:38 . 2008-04-13 18:51:25 60800 C:\WINDOWS\maxdrive\arp1394.sys
+ 2004-07-26 19:58:14 . 2008-04-13 18:31:33 37760 C:\WINDOWS\maxdrive\amdk7.sys
+ 2001-08-17 13:48:38 . 2008-04-13 18:31:32 37376 C:\WINDOWS\maxdrive\amdk6.sys
+ 2004-08-04 06:07:42 . 2008-04-13 18:36:39 43008 C:\WINDOWS\maxdrive\amdagp.sys
+ 2004-08-04 06:07:41 . 2008-04-13 18:36:38 42752 C:\WINDOWS\maxdrive\alim1541.sys
+ 2004-08-04 06:07:42 . 2008-04-13 18:36:39 44928 C:\WINDOWS\maxdrive\agpcpq.sys
+ 2004-07-26 11:50:23 . 2008-04-13 18:36:38 42368 C:\WINDOWS\maxdrive\agp440.sys
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 11648 C:\WINDOWS\maxdrive\acpiec.sys
+ 2010-05-25 11:31:39 . 2010-05-06 20:33:29 28880 C:\WINDOWS\maxdrive\aavmker4.sys
+ 2010-06-15 20:07:56 . 2010-06-15 20:07:56 21504 C:\WINDOWS\Installer\127eea0.msi
+ 2010-06-04 10:02:15 . 2010-06-04 10:02:15 49152 C:\WINDOWS\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-05-26 10:00:35 . 2010-01-23 08:11:44 46080 C:\WINDOWS\$NtUninstallKB981793$\tzchange.exe
+ 2010-05-26 10:00:36 . 2010-04-22 22:21:32 16896 C:\WINDOWS\$NtUninstallKB981793$\spuninst\tzchange.dll
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 4352 C:\WINDOWS\maxdrive\wmilib.sys
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 4736 C:\WINDOWS\maxdrive\usbd.sys
+ 2001-08-17 13:48:52 . 2008-04-13 18:39:53 4352 C:\WINDOWS\maxdrive\swenum.sys
+ 2004-07-26 11:51:36 . 2008-04-13 18:45:07 6272 C:\WINDOWS\maxdrive\splitter.sys
+ 2004-07-26 20:01:11 . 2008-04-13 18:36:34 5888 C:\WINDOWS\maxdrive\smbali.sys
+ 2006-01-16 00:04:36 . 2001-08-17 21:53:32 6784 C:\WINDOWS\maxdrive\serscan.sys
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 5888 C:\WINDOWS\maxdrive\rootmdm.sys
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 4224 C:\WINDOWS\maxdrive\rdpcdd.sys
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 8832 C:\WINDOWS\maxdrive\rasacd.sys
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 6784 C:\WINDOWS\maxdrive\parvdm.sys
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 3456 C:\WINDOWS\maxdrive\oprghdlr.sys
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 2944 C:\WINDOWS\maxdrive\null.sys
+ 2004-07-26 11:51:44 . 2008-04-13 18:39:51 4992 C:\WINDOWS\maxdrive\mspqm.sys
+ 2004-07-26 11:51:37 . 2008-04-13 18:39:50 5376 C:\WINDOWS\maxdrive\mspclock.sys
+ 2004-07-26 11:51:42 . 2008-04-13 18:39:52 7552 C:\WINDOWS\maxdrive\mskssrv.sys
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 4224 C:\WINDOWS\maxdrive\mnmdd.sys
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 7680 C:\WINDOWS\maxdrive\mcd.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:40:29 5504 C:\WINDOWS\maxdrive\intelide.sys
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 7936 C:\WINDOWS\maxdrive\fs_rec.sys
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 3328 C:\WINDOWS\maxdrive\dxgthk.sys
+ 2004-07-26 11:51:45 . 2008-04-13 18:45:13 2944 C:\WINDOWS\maxdrive\drmkaud.sys
+ 2004-08-17 04:41:05 . 2001-08-17 20:47:32 8704 C:\WINDOWS\maxdrive\Dot4scan.sys
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 5888 C:\WINDOWS\maxdrive\dmload.sys
+ 2004-07-26 11:50:56 . 2001-08-17 12:19:20 3712 C:\WINDOWS\maxdrive\ctljystk.sys
+ 2004-07-26 11:50:37 . 2001-08-17 12:19:28 6912 C:\WINDOWS\maxdrive\ctlfacem.sys
+ 2004-11-11 01:30:18 . 2006-10-05 02:42:42 2560 C:\WINDOWS\maxdrive\cdralw2k.sys
+ 2004-11-11 01:27:34 . 2006-10-05 02:42:42 2432 C:\WINDOWS\maxdrive\cdr4_xp.sys
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 4224 C:\WINDOWS\maxdrive\beep.sys
+ 2004-07-26 11:51:32 . 2001-08-17 13:59:44 3072 C:\WINDOWS\maxdrive\audstub.sys
+ 2009-07-12 07:02:02 . 2009-07-12 07:02:02 653120 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 07:02:00 . 2009-07-12 07:02:00 569664 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 07:05:16 . 2009-07-12 07:05:16 225280 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 07:02:00 . 2009-07-12 07:02:00 159032 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
- 2009-04-30 08:19:29 . 2010-05-14 17:11:24 245760 C:\WINDOWS\system32\config\systemprofile\IETldCache\index.dat
+ 2009-04-30 08:19:29 . 2010-07-01 06:23:07 245760 C:\WINDOWS\system32\config\systemprofile\IETldCache\index.dat
+ 2010-05-25 11:30:59 . 2010-05-06 20:59:36 165032 C:\WINDOWS\system32\aswBoot.exe
+ 2004-08-04 06:10:10 . 2008-04-13 18:46:20 121984 C:\WINDOWS\maxdrive\usbvideo.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:45:36 143872 C:\WINDOWS\maxdrive\usbport.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:39:46 384768 C:\WINDOWS\maxdrive\update.sys
+ 2001-09-10 17:43:46 . 2001-09-10 17:43:46 205824 C:\WINDOWS\maxdrive\udfreadr_xp.sys
+ 2001-08-23 12:00:00 . 2010-02-11 12:02:15 226880 C:\WINDOWS\maxdrive\tcpip6.sys
+ 2001-08-23 12:00:00 . 2008-06-20 11:51:12 361600 C:\WINDOWS\maxdrive\tcpip.sys
+ 2001-08-23 12:00:00 . 2009-12-31 16:50:03 353792 C:\WINDOWS\maxdrive\srv.sys
+ 2004-08-04 05:41:42 . 2004-08-04 05:41:42 404990 C:\WINDOWS\maxdrive\slntamr.sys
+ 2004-08-04 05:41:40 . 2004-08-04 05:41:40 129535 C:\WINDOWS\maxdrive\slnt7554.sys
+ 2004-08-04 05:29:51 . 2004-08-04 05:29:51 166912 C:\WINDOWS\maxdrive\s3gnbm.sys
+ 2001-08-23 12:00:00 . 2008-05-08 14:02:52 203136 C:\WINDOWS\maxdrive\rmcast.sys
+ 2004-07-26 19:17:07 . 2008-04-14 00:13:22 139656 C:\WINDOWS\maxdrive\rdpwd.sys
+ 2004-07-26 19:16:46 . 2008-04-13 18:32:51 196224 C:\WINDOWS\maxdrive\rdpdr.sys
+ 2001-08-23 12:00:00 . 2008-04-13 19:28:39 175744 C:\WINDOWS\maxdrive\rdbss.sys
+ 2004-07-26 11:50:38 . 2008-04-13 19:19:41 146048 C:\WINDOWS\maxdrive\portcls.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:36:43 120192 C:\WINDOWS\maxdrive\pcmcia.sys
+ 2004-07-26 11:50:41 . 2001-08-17 12:50:26 731648 C:\WINDOWS\maxdrive\nv4.sys
+ 2004-08-04 05:41:39 . 2004-08-04 05:41:39 180360 C:\WINDOWS\maxdrive\ntmtlfax.sys
+ 2001-08-23 12:00:00 . 2008-04-13 19:15:53 574976 C:\WINDOWS\maxdrive\ntfs.sys
+ 2001-08-23 12:00:00 . 2008-04-13 19:21:00 162816 C:\WINDOWS\maxdrive\netbt.sys
+ 2001-08-23 12:00:00 . 2008-04-13 19:20:37 182656 C:\WINDOWS\maxdrive\ndis.sys
+ 2001-08-23 12:00:00 . 2008-04-13 19:17:05 105344 C:\WINDOWS\maxdrive\mup.sys
+ 2004-08-04 05:29:36 . 2004-08-04 05:29:36 452736 C:\WINDOWS\maxdrive\mtxparhm.sys
+ 2004-08-04 05:41:38 . 2004-08-04 05:41:38 126686 C:\WINDOWS\maxdrive\mtlmnt5.sys
+ 2001-08-23 12:00:00 . 2010-02-24 13:11:07 455680 C:\WINDOWS\maxdrive\mrxsmb.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:32:44 180608 C:\WINDOWS\maxdrive\mrxdav.sys
+ 2001-12-04 16:18:06 . 2001-12-04 16:18:06 659905 C:\WINDOWS\maxdrive\ltmdmxp.sys
+ 2004-07-26 11:51:00 . 2004-08-04 05:41:35 606684 C:\WINDOWS\maxdrive\ltmdmnt.sys
+ 2001-08-17 22:24:30 . 2008-04-13 19:16:36 141056 C:\WINDOWS\maxdrive\ks.sys
+ 2004-07-26 11:51:39 . 2008-04-13 18:45:09 172416 C:\WINDOWS\maxdrive\kmixer.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:57:15 152832 C:\WINDOWS\maxdrive\ipnat.sys
+ 2004-08-04 06:00:13 . 2009-10-20 16:20:16 265728 C:\WINDOWS\maxdrive\http.sys
+ 2004-08-04 05:41:48 . 2004-08-04 05:41:48 685056 C:\WINDOWS\maxdrive\hsfcxts2.sys
+ 2004-08-04 05:41:46 . 2004-08-04 05:41:46 220032 C:\WINDOWS\maxdrive\hsfbs2s2.sys
+ 2008-08-22 23:37:44 . 2008-04-13 16:36:05 144384 C:\WINDOWS\maxdrive\hdaudbus.sys
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 125056 C:\WINDOWS\maxdrive\ftdisk.sys
+ 2004-08-04 06:01:19 . 2008-04-13 18:32:59 129792 C:\WINDOWS\maxdrive\fltmgr.sys
+ 2001-08-23 12:00:00 . 2008-04-13 19:14:29 143744 C:\WINDOWS\maxdrive\fastfat.sys
+ 2004-07-26 11:50:38 . 2001-08-17 12:19:26 283904 C:\WINDOWS\maxdrive\emu10k1m.sys
+ 2004-08-17 04:41:00 . 2008-04-13 18:39:46 206976 C:\WINDOWS\maxdrive\dot4.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:44:46 153344 C:\WINDOWS\maxdrive\dmio.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:44:48 799744 C:\WINDOWS\maxdrive\dmboot.sys
+ 2001-08-17 14:02:26 . 2001-08-23 12:00:00 262528 C:\WINDOWS\maxdrive\cinemst2.sys
+ 2001-09-04 23:37:08 . 2001-09-04 23:37:08 233344 C:\WINDOWS\maxdrive\cdudf_xp.sys
+ 2004-08-04 06:10:37 . 2008-06-13 11:05:51 272128 C:\WINDOWS\maxdrive\bthport.sys
+ 2004-08-04 05:58:38 . 2008-04-13 18:51:34 101120 C:\WINDOWS\maxdrive\bthpan.sys
+ 2001-08-23 12:00:00 . 2001-08-23 12:00:00 352256 C:\WINDOWS\maxdrive\atmuni.sys
+ 2004-07-26 20:00:34 . 2004-08-04 05:29:30 104960 C:\WINDOWS\maxdrive\atinrvxx.sys
+ 2004-07-26 20:00:29 . 2004-08-04 05:29:26 701440 C:\WINDOWS\maxdrive\ati2mtag.sys
+ 2004-07-26 20:00:28 . 2004-08-04 05:29:26 327040 C:\WINDOWS\maxdrive\ati2mtaa.sys
+ 2010-05-25 11:31:45 . 2010-05-06 20:39:00 164048 C:\WINDOWS\maxdrive\aswSP.sys
+ 2010-05-25 11:31:39 . 2010-05-06 20:33:59 100432 C:\WINDOWS\maxdrive\aswmon2.sys
+ 2001-08-23 12:00:00 . 2008-08-14 10:04:36 138496 C:\WINDOWS\maxdrive\afd.sys
+ 2004-07-26 11:51:47 . 2008-04-13 16:39:23 142592 C:\WINDOWS\maxdrive\aec.sys
+ 2001-08-23 12:00:00 . 2008-04-13 18:36:35 187776 C:\WINDOWS\maxdrive\acpi.sys
+ 2010-05-25 11:31:26 . 2010-05-25 11:31:26 219648 C:\WINDOWS\Installer\12ae9f46.msi
+ 2010-05-26 10:00:36 . 2009-05-26 09:01:12 382840 C:\WINDOWS\$NtUninstallKB981793$\spuninst\updspapi.dll
+ 2010-05-26 10:00:36 . 2009-05-26 09:01:12 231288 C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe
+ 2009-07-12 07:02:02 . 2009-07-12 07:02:02 3780424 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 07:02:02 . 2009-07-12 07:02:02 3765048 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2003-10-06 21:16:00 . 2003-10-06 21:16:00 1550043 C:\WINDOWS\maxdrive\nv4_mini.sys
+ 2004-08-04 05:41:37 . 2004-08-04 05:41:37 1309184 C:\WINDOWS\maxdrive\mtlstrm.sys
+ 2004-08-04 05:41:54 . 2004-08-04 05:41:54 1041536 C:\WINDOWS\maxdrive\hsfdpsp2.sys
+ 2010-06-04 10:00:31 . 2010-06-04 10:00:31 20242432 C:\WINDOWS\Installer\1f3e1acb.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 23:07:20 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 21:16:00 5058560]
"WD Button Manager"="WDBtnMgr.exe" [2008-08-11 21:46:35 364544]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 04:58:34 47392]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 02:58:30 856064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 05:42:51 36272]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 0833 976832]
"MSN Toolbar"="C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 04:29:44 240992]
"Microsoft Default Manager"="C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 18:12:14 288080]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2010-03-18 04:53:36 421888]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-03-26 08:10:02 142120]
"avast5"="C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 20:59:42 2815192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2007-08-23 20:35:12 152952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-06-10 23:14:10 53248]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-3-31 25214]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-7-26 113664]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-01-19 19:54:56 5674352 ----a-w- C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-02-21 01:18:32 366400 ----a-w- C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07:20 2260480 ------w- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"="C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HostManager"=C:\Program Files\Common Files\AOL\1146716064\ee\AOLSoftware.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"<NO NAME>"=

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1146716064\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1146716064\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\WINDOWS\\system32\\spoolsv.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [5/25/2010 4:31:45 AM 164048]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [5/25/2010 4:31:45 AM 19024]
R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [3/7/2010 4:15:41 PM 3032360]
S2 gupdate1c98e317d177200;Google Update Service (gupdate1c98e317d177200);C:\Program Files\Google\Update\GoogleUpdate.exe [2/13/2009 4:18:59 PM 133104]
S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\system32\Drivers\BW2NDIS5.sys --> C:\WINDOWS\system32\Drivers\BW2NDIS5.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\WINDOWS\system32\drivers\wacmoumonitor.sys [3/7/2010 4:15:50 PM 15144]
S4 AutoSyncService;Memeo AutoSync ;C:\Program Files\Memeo\AutoSync\MemeoService.exe [7/6/2007 6:28:44 PM 31768]
.
Contents of the 'Scheduled Tasks' folder

2010-06-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34:12 . 2008-07-30 19:34:12]

2010-07-01 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-13 23:18:59 . 2009-02-13 23:18:15]

2010-06-27 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-13 23:18:59 . 2009-02-13 23:18:15]

2010-07-01 C:\WINDOWS\Tasks\User_Feed_Synchronization-{784BEF3D-4451-4A26-9E9E-1185073AD2FC}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 19:58:32 . 2009-03-08 11:31:54]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
LSP: gsp.dll
Trusted Zone: amazon.com\www
Trusted Zone: melaleuca.com\www
Trusted Zone: melaluca.com\www
Trusted Zone: microsoft.com\mail
Trusted Zone: parentorganizer.com
Trusted Zone: yahoo.com\www
FF - ProfilePath - C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\ho9x2gce.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: C:\Program Files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - plugin: C:\Documents and Settings\Brett\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: C:\Documents and Settings\Brett\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\WINDOWS\system32\DNAML\npdbplug.dll

---- FIREFOX POLICIES ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.





2nd pass

ComboFix 10-06-30.03 - Brett 07/01/2010 0:23:02.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.368 [GMT -7:00]
Running from: C:\Documents and Settings\Brett\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\Common Files\mfmm
C:\Program Files\Common Files\mfmm\mfmma.lck
C:\Program Files\Common Files\mfmm\mfmmd\class-barrel
C:\Program Files\Common Files\mfmm\mfmmd\vocabulary
C:\Program Files\Common Files\mfmm\mfmml.lck
C:\Program Files\Common Files\mfmm\mfmmm.lck
C:\Program Files\Common Files\mfmm\mfmmp.lck
C:\WINDOWS\look.bat

.
((((((((((((((((((((((((( Files Created from 2010-06-01 to 2010-07-01 )))))))))))))))))))))))))))))))
.

2010-06-27 17:20:16 . 2010-06-07 23:16:54 220024 ----a-w- C:\WINDOWS\sigcheck.exe
2010-06-27 17:11:40 . 2010-06-27 17:21:04 -------- d-----w- C:\WINDOWS\maxdrive
2010-06-16 06:47:06 . 2010-06-16 06:47:06 -------- d-----w- C:\Documents and Settings\NetworkService\Application Data\FileOpen

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-01 07:12:37 . 2010-03-07 23:17:04 -------- d-----w- C:\Documents and Settings\Brett\Application Data\WTablet
2010-06-20 17:27:49 . 2010-03-08 00:49:48 -------- d-----w- C:\Documents and Settings\LocalService\Application Data\WTablet
2010-06-13 05:00:48 . 2004-12-11 05:16:33 -------- d-----w- C:\Documents and Settings\Brett\Application Data\Apple Computer
2010-06-09 0833 . 2010-06-09 0833 976832 ----a-w- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\30699\AdobeARM.exe
2010-06-09 0833 . 2010-06-09 0833 70584 ----a-w- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\30699\AdobeExtractFiles.dll
2010-06-09 0833 . 2010-06-09 0833 331176 ----a-w- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\30699\ReaderUpdater.exe
2010-06-09 0833 . 2010-06-09 0833 331176 ----a-w- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\30699\AcrobatUpdater.exe
2010-06-08 01:07:52 . 2010-06-08 01:07:52 664 ----a-w- C:\WINDOWS\system32\d3d9caps.dat
2010-06-06 20:45:13 . 2009-09-22 14:22:33 -------- d-----w- C:\Program Files\Microsoft Silverlight
2010-05-06 20:39:23 . 2010-05-25 11:31:42 46672 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2010-05-06 20:39:00 . 2010-05-25 11:31:45 164048 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
2010-05-06 20:34:27 . 2010-05-25 11:31:43 23376 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
2010-05-06 20:33:59 . 2010-05-25 11:31:39 100432 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
2010-05-06 20:33:55 . 2010-05-25 11:31:39 94800 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
2010-05-06 20:33:47 . 2010-05-25 11:31:45 19024 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010-05-06 20:33:29 . 2010-05-25 11:31:39 28880 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
2010-04-25 08:42:51 . 2010-04-25 08:42:51 73000 ----a-w- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-25 08:31:40 . 2010-04-25 08:31:40 79144 ----a-w- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-04-13 06:10:38 . 2009-11-16 16:49:07 143976 ----a-w- C:\Documents and Settings\Brett\Application Data\Move Networks\uninstall.exe
2010-04-13 06:10:36 . 2009-10-15 00:50:30 5642688 ----a-w- C:\Documents and Settings\Brett\Application Data\Move Networks\plugins\npqmp071701000002.dll
2010-04-13 06:10:32 . 2010-04-13 06:10:18 1794456 ----a-w- C:\Documents and Settings\Brett\Application Data\Move Networks\MoveMediaPlayerWin_071701000002.exe
2008-01-03 02:01:25 . 2008-01-03 02:01:25 2145543 ----a-w- C:\Program Files\psuite_bas.exe
2008-01-03 02:00:20 . 2008-01-03 02:00:20 4712440 ----a-w- C:\Program Files\snsetup.exe
2006-04-21 02:20:04 . 2006-04-21 02:20:04 2224128 ----a-r- C:\Program Files\SetupWizard.exe
2005-08-13 05:19:41 . 2005-08-13 05:19:40 344 ----a-w- C:\Program Files\Norton AntiVirus_Key.txt
2005-03-16 05:19:28 . 2005-03-16 05:19:28 4956 ----a-w- C:\Program Files\hijackthis4
2005-02-16 17:37:43 . 2005-02-16 17:37:43 4810 ----a-w- C:\Program Files\hijackthis2
2005-01-20 00:30:45 . 2005-01-20 00:30:45 4178 ----a-w- C:\Program Files\new hijack
2003-11-18 02:17:34 . 2003-11-18 02:17:34 3262 ----a-r- C:\Program Files\SetupWIZ.ico
2003-06-30 19:24:08 . 2007-01-25 02:18:19 1023755 ----a-w- C:\Program Files\BCLWebContent.mxp
2003-05-07 01:28:32 . 2007-01-25 02:18:19 59383 ----a-w- C:\Program Files\WebContent.chm
.

((((((((((((((((((((((((((((( SnapShot_2010-07-01_07.04.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-01 07:12:29 . 2010-07-01 07:12:29 16384 C:\WINDOWS\Temp\Perflib_Perfdata_e4.dat
.
Attached Files
File Type: txt ComboFix 1.txt (47.3 KB, 13 views)
File Type: txt ComboFix.txt (14.9 KB, 13 views)
Brett Gowski is offline  
Old 07-01-2010, 01:28 PM   #8
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Sorry to hear about the work schedule. I hope I didn't 'jinx' it.

Before we continue, why did you run ComboFix twice? Did you experience some trouble with the first run?
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 07-02-2010, 01:20 AM   #9
Registered Member
 
Join Date: Mar 2005
Posts: 25
OS: xp



To be honest, in reading your last post it looked like I was supposed to run it twice as it posted similar instructions more than once... I was tired... I just asked my wife to read the instructions and she took away a completely different message than run this twice... A good laugh was shared... Either way no real issues.

ComboFix did ask me to restart the computer because it ran into a root (root something... I don't remember and I can't find the paper I wrote it down on... sorry). Either way, after I restarted, ComboFix picked back up where it left off and completed the scan and log data.

I have run ComboFix 7 more times just to make sure and will post the logs in my next reply... just kidding.

Let me know next steps. Thanks and be well
Brett Gowski is offline  
Old 07-02-2010, 05:33 AM   #10
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



No worries, must be all the hours you've been putting in on that special project.

Quote:
have run ComboFix 7 more times just to make sure and will post the logs in my next reply... just kidding.
Okay - I admit you made my heart jump on that one.


Open notepad and copy/paste the text in the code box below into it:

Quote:

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=-
"C:\\WINDOWS\\system32\\spoolsv.exe"=-

Save this as "CFScript.txt", and as Type: All Files (*.*), in the same location as ComboFix.exe

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

***************************************************





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt


--------------------------------------------------------------------

It's important to run this online scan to search for any remnants. It will take several hours, so please be patient and allow it to run its full course.

You might want to have your wife get the scan started and let it run while you're at work. If she runs into any trouble, she can post here for advice.


Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.


---------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
Kaspersky results
Update on system behavior


Also - do you still need any of these Symantec programs at all?

LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Symantec KB-DocID:2003093015493306
Symantec Technical Support Web Controls
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
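The CFScript above removes two Windows system binaries (sessmgr.exe and spoolsv.exe) from the firewall's AuthorizedApplications exception list, since neither should be accepting unsolicited inbound connections and such entries are a common footprint of an infection. The following is an added example, not code from the thread or from ComboFix itself: it parses that REGEDIT4-style section out of a ComboFix log, flags the system binaries a helper would not expect there, and emits the matching `Registry::` removal block (the trailing `=-` is ComboFix's delete-value syntax). The sample log text and the suspect-name list are constructed for the example.

```python
"""Triage helper: find unexpected firewall exceptions in a ComboFix log and
build the CFScript block that removes them (added example, not ComboFix's own code)."""
import re

# Constructed sample: a trimmed copy of the AuthorizedApplications section
# as it appears in the thread's ComboFix log (REGEDIT4 doubles backslashes).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\spoolsv.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
"""

AUTHAPPS_KEY = (r"HKLM\~\services\sharedaccess\parameters\firewallpolicy"
                r"\standardprofile\AuthorizedApplications\List")

# Constructed watch-list: Windows system binaries that have no business being
# firewall exceptions. The thread's CFScript removes exactly these two.
SUSPECT_BASENAMES = {"sessmgr.exe", "spoolsv.exe"}


def parse_authorized_apps(log_text):
    """Return the raw (still backslash-escaped) value names listed under the
    AuthorizedApplications key; entries under any other key are ignored."""
    entries = []
    in_section = False
    for line in log_text.splitlines():
        line = line.rstrip()
        if line.startswith("["):
            # A new [key] header starts or ends the section we care about.
            in_section = line.strip("[]").lower() == AUTHAPPS_KEY.lower()
            continue
        if in_section:
            m = re.match(r'^"(.+)"=', line)
            if m:
                entries.append(m.group(1))
    return entries


def basename(escaped_path):
    """Unescape REGEDIT4 double backslashes and return the lowercase file name."""
    path = escaped_path.replace("\\\\", "\\")
    return path.rsplit("\\", 1)[-1].lower()


def flag_suspect(entries):
    """Keep only entries whose executable name is on the watch-list."""
    return [e for e in entries if basename(e) in SUSPECT_BASENAMES]


def build_cfscript(flagged):
    """Emit a CFScript Registry:: block; '=-' tells ComboFix to delete the value.
    Returns an empty string when there is nothing to remove."""
    if not flagged:
        return ""
    lines = ["Registry::", f"[{AUTHAPPS_KEY}]"]
    lines += [f'"{e}"=-' for e in flagged]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = flag_suspect(parse_authorized_apps(SAMPLE_LOG))
    print(build_cfscript(found), end="")
```

Run against the constructed sample it prints a block equivalent to the one Ried posted; point it at a full ComboFix.txt and it will also pick up the same names under a different drive or path spelling.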
Old 07-02-2010, 11:53 PM   #11
Registered Member
 
Join Date: Mar 2005
Posts: 25
OS: xp



Thanks for the follow up. Sorry I couldn't resist the joke...

Below please find the results from the Kaspersky and Combo Fix scans.

In terms of system behavior using the internet seems better and I do not seem to have the same redirect issues, though my free web time has been limited over the last few weeks... In the quick search I did this morning and just now I did not have any redirect issues. I do seem to be having issues with unwanted pop up ads at times, but I assume this is specific to certain pages?

Your question about needing the below listed files - No we do not need these. How can I get rid of these for good?
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Symantec KB-DocID:2003093015493306
Symantec Technical Support Web Controls


Combofix results:
ComboFix 10-07-01.02 - Brett 07/02/2010 9:30.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.249 [GMT -7:00]
Running from: c:\documents and settings\Brett\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Brett\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-06-02 to 2010-07-02 )))))))))))))))))))))))))))))))
.

2010-07-01 15:25 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-01 11:29 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-27 17:20 . 2010-06-07 23:16 220024 ----a-w- c:\windows\sigcheck.exe
2010-06-27 17:11 . 2010-06-27 17:21 -------- d-----w- c:\windows\maxdrive
2010-06-16 06:47 . 2010-06-16 06:47 -------- d-----w- c:\documents and settings\NetworkService\Application Data\FileOpen

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-02 16:15 . 2010-03-07 23:17 -------- d-----w- c:\documents and settings\Brett\Application Data\WTablet
2010-07-02 10:46 . 2010-03-08 00:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-06-28 20:57 . 2010-05-25 11:30 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-05-25 11:31 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-05-25 11:31 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-05-25 11:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-05-25 11:31 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-05-25 11:31 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-05-25 11:31 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-05-25 11:31 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-13 05:00 . 2004-12-11 05:16 -------- d-----w- c:\documents and settings\Brett\Application Data\Apple Computer
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\30699\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\30699\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\30699\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\30699\AcrobatUpdater.exe
2010-06-08 01:07 . 2010-06-08 01:07 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-06 20:45 . 2009-09-22 14:22 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-25 11:30 . 2010-05-25 11:30 -------- d-----w- c:\program files\Alwil Software
2010-05-25 11:30 . 2010-05-25 11:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-25 02:42 . 2010-05-25 02:42 503808 ----a-w- c:\documents and settings\Brett\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-373dadb5-n\msvcp71.dll
2010-05-25 02:42 . 2010-05-25 02:42 499712 ----a-w- c:\documents and settings\Brett\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-373dadb5-n\jmc.dll
2010-05-25 02:42 . 2010-05-25 02:42 348160 ----a-w- c:\documents and settings\Brett\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-373dadb5-n\msvcr71.dll
2010-05-23 16:18 . 2010-05-23 16:18 356352 ----a-w- c:\windows\eSellerateEngine.dll
2010-05-20 07:25 . 2010-05-20 07:25 -------- d-----w- c:\program files\Common Files\eSellerate
2010-05-20 06:51 . 2004-07-26 20:55 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-20 06:51 . 2004-07-26 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-20 06:43 . 2006-01-18 06:46 -------- d-----w- c:\program files\Symantec
2010-05-20 06:41 . 2009-09-12 21:58 -------- d-----w- c:\program files\McAfee Security Scan
2010-05-06 10:41 . 2004-02-07 01:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2001-08-23 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-25 08:42 . 2010-04-25 08:42 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-25 08:31 . 2010-04-25 08:31 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-04-20 05:30 . 2001-08-23 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-13 06:10 . 2009-11-16 16:49 143976 ----a-w- c:\documents and settings\Brett\Application Data\Move Networks\uninstall.exe
2010-04-13 06:10 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\Brett\Application Data\Move Networks\plugins\npqmp071701000002.dll
2010-04-13 06:10 . 2010-04-13 06:10 1794456 ----a-w- c:\documents and settings\Brett\Application Data\Move Networks\MoveMediaPlayerWin_071701000002.exe
2008-01-03 02:01 . 2008-01-03 02:01 2145543 ----a-w- c:\program files\psuite_bas.exe
2008-01-03 02:00 . 2008-01-03 02:00 4712440 ----a-w- c:\program files\snsetup.exe
2006-04-21 02:20 . 2006-04-21 02:20 2224128 ----a-r- c:\program files\SetupWizard.exe
2005-08-13 05:19 . 2005-08-13 05:19 344 ----a-w- c:\program files\Norton AntiVirus_Key.txt
2005-03-16 05:19 . 2005-03-16 05:19 4956 ----a-w- c:\program files\hijackthis4
2005-02-16 17:37 . 2005-02-16 17:37 4810 ----a-w- c:\program files\hijackthis2
2005-01-20 00:30 . 2005-01-20 00:30 4178 ----a-w- c:\program files\new hijack
2003-11-18 02:17 . 2003-11-18 02:17 3262 ----a-r- c:\program files\SetupWIZ.ico
2003-06-30 19:24 . 2007-01-25 02:18 1023755 ----a-w- c:\program files\BCLWebContent.mxp
2003-05-07 01:28 . 2007-01-25 02:18 59383 ----a-w- c:\program files\WebContent.chm
.

((((((((((((((((((((((((((((( SnapShot_2010-07-01_07.04.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-02 10:46 . 2010-07-02 10:46 16384 c:\windows\Temp\Perflib_Perfdata_7ac.dat
+ 2010-03-24 02:59 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2010-03-24 02:59 . 2009-05-26 09:01 17272 c:\windows\system32\spmsg.dll
+ 2010-03-31 07:16 . 2010-03-31 07:16 99176 c:\windows\system32\PresentationHostProxy.dll
+ 2001-08-23 12:00 . 2010-07-02 10:50 71060 c:\windows\system32\perfc009.dat
- 2001-08-23 12:00 . 2010-05-14 18:52 71060 c:\windows\system32\perfc009.dat
+ 2009-11-06 05:17 . 2009-11-06 05:17 11600 c:\windows\system32\mui\0409\mscorees.dll
+ 2006-11-08 05:03 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
- 2006-11-08 05:03 . 2010-02-25 06:24 55296 c:\windows\system32\msfeedsbs.dll
- 2001-08-23 12:00 . 2010-02-25 06:24 25600 c:\windows\system32\jsproxy.dll
+ 2001-08-23 12:00 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
- 2009-06-10 05:29 . 2010-02-25 06:24 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-10 05:29 . 2010-05-06 10:41 12800 c:\windows\system32\dllcache\xpshims.dll
- 2007-05-09 20:43 . 2010-02-25 06:24 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-05-09 20:43 . 2010-05-06 10:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2006-05-10 05:22 . 2010-02-25 06:24 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-05-10 05:22 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-03-05 14:37 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2001-08-23 12:00 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
- 2008-07-30 02:16 . 2008-07-30 02:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2010-04-08 06:48 . 2010-04-08 06:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2010-04-01 18:42 . 2010-04-01 18:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2010-03-31 21:51 . 2010-03-31 21:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2008-05-28 07:49 . 2008-05-28 07:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2008-05-28 07:49 . 2008-05-28 07:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-03-31 21:51 . 2010-03-31 21:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-03-31 21:51 . 2010-03-31 21:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2008-05-28 07:49 . 2008-05-28 07:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-03-31 22:32 . 2010-03-31 22:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2008-05-28 08:30 . 2008-05-28 08:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-21 03:19 . 2003-02-21 03:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2010-03-31 22:32 . 2010-03-31 22:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2004-07-26 18:37 . 2010-07-02 10:01 90112 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2004-07-26 18:37 . 2010-05-12 10:03 90112 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2004-07-26 18:37 . 2010-05-12 10:03 45056 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2004-07-26 18:37 . 2010-07-02 10:01 45056 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2004-07-26 18:37 . 2010-07-02 10:01 22528 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2004-07-26 18:37 . 2010-05-12 10:03 22528 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2004-07-26 18:37 . 2010-05-12 10:03 30720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2004-07-26 18:37 . 2010-07-02 10:01 30720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2004-07-26 18:37 . 2010-07-02 10:01 16384 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2004-07-26 18:37 . 2010-05-12 10:03 16384 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2004-07-26 18:37 . 2010-07-02 10:01 34304 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2004-07-26 18:37 . 2010-05-12 10:03 34304 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2010-04-14 10:09 . 2010-04-14 10:09 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-07-02 10:21 . 2010-07-02 10:21 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-07-02 10:17 . 2010-02-25 06:24 12800 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2010-07-02 10:17 . 2010-02-25 06:24 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2010-07-02 10:17 . 2010-02-25 06:24 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2010-07-02 10:24 . 2010-07-02 10:24 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_bd398389\System.Drawing.Design.dll
+ 2010-07-02 10:24 . 2010-07-02 10:24 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_21279e9a\CustomMarshalers.dll
+ 2010-07-02 10:20 . 2010-07-02 10:20 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1b5c48209b6c4c58544733f21309defb\UIAutomationProvider.ni.dll
+ 2010-07-02 10:31 . 2010-07-02 10:31 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\4843fc0696fb13afff970a8646d899fa\System.Windows.Presentation.ni.dll
+ 2010-07-02 10:23 . 2010-07-02 10:23 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\ceca8c37ef99e5ae29b7c057988930aa\PresentationFontCache.ni.exe
+ 2010-07-02 10:21 . 2010-07-02 10:21 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\0dc54e81497cbd8ff0e34e7cd4c2bd6c\PresentationCFFRasterizer.ni.dll
- 2009-04-01 05:20 . 2009-04-01 05:20 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-07-02 10:04 . 2010-07-02 10:04 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-07-02 10:23 . 2010-07-02 10:23 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2004-07-26 18:37 . 2010-05-12 10:03 3584 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2004-07-26 18:37 . 2010-07-02 10:01 3584 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2004-07-26 18:37 . 2010-05-12 10:03 8192 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2004-07-26 18:37 . 2010-07-02 10:01 8192 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2004-07-26 18:37 . 2010-07-02 10:01 2560 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2004-07-26 18:37 . 2010-05-12 10:03 2560 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2010-03-31 07:10 . 2010-03-31 07:10 295264 c:\windows\system32\PresentationHost.exe
- 2001-08-23 12:00 . 2010-05-14 18:52 441124 c:\windows\system32\perfh009.dat
+ 2001-08-23 12:00 . 2010-07-02 10:50 441124 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2010-02-25 06:24 206848 c:\windows\system32\occache.dll
+ 2001-08-23 12:00 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll
- 2004-07-26 20:00 . 2010-02-25 06:24 611840 c:\windows\system32\mstime.dll
+ 2004-07-26 20:00 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll
+ 2006-11-08 05:03 . 2010-05-06 10:41 599040 c:\windows\system32\msfeeds.dll
- 2004-07-26 19:58 . 2010-02-25 06:24 184320 c:\windows\system32\iepeers.dll
+ 2004-07-26 19:58 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll
+ 2004-07-26 19:58 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll
- 2004-07-26 19:58 . 2010-02-25 06:24 387584 c:\windows\system32\iedkcs32.dll
+ 2004-07-26 19:58 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
- 2004-07-26 19:58 . 2010-02-24 09:54 173056 c:\windows\system32\ie4uinit.exe
+ 2004-07-26 11:48 . 2010-07-02 10:45 423312 c:\windows\system32\FNTCACHE.DAT
- 2004-07-26 11:48 . 2009-11-11 11:24 423312 c:\windows\system32\FNTCACHE.DAT
- 2006-05-10 05:23 . 2010-02-25 06:24 916480 c:\windows\system32\dllcache\wininet.dll
+ 2006-05-10 05:23 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll
- 2006-10-17 20:04 . 2010-02-25 06:24 206848 c:\windows\system32\dllcache\occache.dll
+ 2006-10-17 20:04 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll
+ 2006-05-10 05:23 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll
- 2006-05-10 05:23 . 2010-02-25 06:24 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-05-09 20:43 . 2010-05-06 10:41 599040 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-06-10 05:29 . 2010-05-06 10:41 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-06-10 05:29 . 2010-02-25 06:24 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2006-05-10 05:22 . 2010-02-25 06:24 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2006-05-10 05:22 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll
- 2006-11-07 11:27 . 2010-02-25 06:24 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-11-07 11:27 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-11-07 11:26 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2006-11-07 11:26 . 2010-02-24 09:54 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-04-20 05:30 . 2010-04-20 05:30 285696 c:\windows\system32\dllcache\atmfd.dll
- 2009-04-30 08:19 . 2010-07-01 06:23 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-04-30 08:19 . 2010-07-02 10:21 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2010-03-31 07:16 . 2010-03-31 07:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2010-04-08 06:48 . 2010-04-08 06:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
- 2008-07-30 02:16 . 2008-07-30 02:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-04-08 06:48 . 2010-04-08 06:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
- 2008-05-28 07:49 . 2008-05-28 07:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-03-31 21:51 . 2010-03-31 21:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2008-05-28 07:48 . 2008-05-28 07:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-03-31 21:49 . 2010-03-31 21:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-03-31 22:32 . 2010-03-31 22:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2008-05-28 08:30 . 2008-05-28 08:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2009-12-25 18:08 . 2009-12-25 18:08 662016 c:\windows\Installer\7a170b.msi
+ 2010-07-02 10:21 . 2010-07-02 10:21 200192 c:\windows\Installer\7a170a.msi
+ 2010-02-25 07:14 . 2010-02-25 07:14 543232 c:\windows\Installer\69acdf.msp
+ 2004-07-26 18:37 . 2010-07-02 10:01 114688 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2004-07-26 18:37 . 2010-05-12 10:03 114688 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2004-07-26 18:37 . 2010-05-12 10:03 167936 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2004-07-26 18:37 . 2010-07-02 10:01 167936 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2010-07-02 10:17 . 2010-02-25 06:24 916480 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2010-07-02 10:17 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2010-07-02 10:17 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2010-07-02 10:17 . 2010-02-25 06:24 206848 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2010-07-02 10:17 . 2010-02-25 06:24 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2010-07-02 10:17 . 2010-02-25 06:24 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2010-07-02 10:17 . 2010-02-25 06:24 247808 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2010-07-02 10:17 . 2010-02-25 06:24 184320 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2010-07-02 10:17 . 2009-03-08 11:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2010-07-02 10:17 . 2010-02-25 06:24 387584 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2010-07-02 10:17 . 2010-02-24 09:54 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2009-10-14 10:06 . 2009-10-14 10:06 835584 c:\windows\assembly\temp\LSZ6DKSY5C\System.Drawing.dll
+ 2010-07-02 10:25 . 2010-07-02 10:25 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_1c8dded8\System.Drawing.dll
+ 2010-07-02 10:25 . 2010-07-02 10:25 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_4023e489\System.Drawing.Design.dll
+ 2010-07-02 10:25 . 2010-07-02 10:25 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_c4aaadb1\CustomMarshalers.dll
+ 2010-07-02 10:29 . 2010-07-02 10:29 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\e9644d441c4192e96a6eaa0dfb2765cd\WindowsFormsIntegration.ni.dll
+ 2010-07-02 10:28 . 2010-07-02 10:28 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\e46670176ae8172b100964cc6c617430\UIAutomationClient.ni.dll
+ 2010-07-02 10:31 . 2010-07-02 10:31 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\17e05fc7f8786fe883d4908af473582d\System.Web.DynamicData.ni.dll
+ 2010-07-02 10:08 . 2010-07-02 10:08 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\67547568106df4eba6ee2c0e4bc7c849\System.IO.Log.ni.dll
+ 2010-07-02 10:11 . 2010-07-02 10:11 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\a36bf5a88c1b17cbfa01d4ec93ecfd6b\System.IdentityModel.Selectors.ni.dll
+ 2010-07-02 10:11 . 2010-07-02 10:11 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\5580a680b936dc2372adb46a72244326\SMSvcHost.ni.exe
+ 2010-07-02 10:11 . 2010-07-02 10:11 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\a12da12ac6528c2e6a43cd54c9a467a5\SMDiagnostics.ni.dll
+ 2010-07-02 10:11 . 2010-07-02 10:11 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\095b3eefdadf0090f48fe93e8348fff3\ServiceModelReg.ni.exe
+ 2010-07-02 10:26 . 2010-07-02 10:26 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\861d21a3c114ebb9569c7c6855cc0970\PresentationFramework.Luna.ni.dll
+ 2010-07-02 10:26 . 2010-07-02 10:26 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7ae399f8687afd8a30d3b09f82214472\PresentationFramework.Royale.ni.dll
+ 2010-07-02 10:25 . 2010-07-02 10:25 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30de193c1899703d7c2c37d6352c3d4f\PresentationFramework.Aero.ni.dll
+ 2010-07-02 10:26 . 2010-07-02 10:26 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\140484b31fbdcdbd5a79d56ed11d9faa\PresentationFramework.Classic.ni.dll
+ 2010-07-02 10:11 . 2010-07-02 10:11 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\e70dabd42861332d0add4ab37a74e91a\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-07-02 10:10 . 2010-07-02 10:10 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\46f2fa33cf8577ffe133f368c4ac0088\ComSvcConfig.ni.exe
+ 2010-07-02 10:04 . 2010-07-02 10:04 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2010-07-02 10:04 . 2010-07-02 10:04 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2009-04-01 05:20 . 2009-04-01 05:20 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2010-07-02 10:04 . 2010-07-02 10:04 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2004-05-27 10:50 . 2010-04-06 11:52 2462720 c:\windows\system32\WMVCore.dll
+ 2004-01-21 23:20 . 2010-05-06 10:41 1209344 c:\windows\system32\urlmon.dll
- 2004-01-21 23:20 . 2010-02-25 06:24 1209344 c:\windows\system32\urlmon.dll
+ 2003-05-13 17:28 . 2010-02-05 18:27 1291776 c:\windows\system32\quartz.dll
- 2003-05-13 17:28 . 2009-11-27 17:11 1291776 c:\windows\system32\quartz.dll
+ 2004-07-08 01:37 . 2010-05-06 10:41 5950976 c:\windows\system32\mshtml.dll
- 2006-10-17 19:57 . 2010-02-25 06:24 1985536 c:\windows\system32\iertutil.dll
+ 2006-10-17 19:57 . 2010-05-06 10:41 1985536 c:\windows\system32\iertutil.dll
+ 2004-05-27 10:50 . 2010-04-06 11:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2008-10-15 06:35 . 2010-05-02 05:22 1851264 c:\windows\system32\dllcache\win32k.sys
- 2006-05-10 05:23 . 2010-02-25 06:24 1209344 c:\windows\system32\dllcache\urlmon.dll
+ 2006-05-10 05:23 . 2010-05-06 10:41 1209344 c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-07 05:12 . 2010-02-05 18:27 1291776 c:\windows\system32\dllcache\quartz.dll
- 2008-05-07 05:12 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2006-05-19 15:08 . 2010-05-06 10:41 5950976 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-09 20:43 . 2010-05-06 10:41 1985536 c:\windows\system32\dllcache\iertutil.dll
- 2007-05-09 20:43 . 2010-02-25 06:24 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2010-04-08 06:48 . 2010-04-08 06:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2010-04-01 18:42 . 2010-04-01 18:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2008-05-28 08:35 . 2008-05-28 08:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2008-05-28 08:35 . 2008-05-28 08:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-04-01 18:42 . 2010-04-01 18:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2008-05-28 07:48 . 2008-05-28 07:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-03-31 21:50 . 2010-03-31 21:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-03-31 21:50 . 2010-03-31 21:50 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2008-05-28 07:43 . 2008-05-28 07:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-04-01 18:42 . 2010-04-01 18:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2009-11-09 07:25 . 2009-11-09 07:25 1935360 c:\windows\Installer\7a16d6.msp
+ 2010-04-12 05:17 . 2010-04-12 05:17 2607104 c:\windows\Installer\69ace7.msp
+ 2010-04-12 05:17 . 2010-04-12 05:17 4210688 c:\windows\Installer\69ace6.msp
+ 2010-04-25 00:10 . 2010-04-25 00:10 8486400 c:\windows\Installer\69acd5.msp
+ 2010-07-02 10:17 . 2010-02-25 06:24 1209344 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2010-07-02 10:17 . 2010-02-25 06:24 5944832 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2010-07-02 10:17 . 2010-02-25 06:24 1985536 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2009-10-14 10:05 . 2009-10-14 10:05 1966080 c:\windows\assembly\temp\S07ELSZ6DK\System.dll
+ 2009-10-14 10:06 . 2009-10-14 10:06 3018752 c:\windows\assembly\temp\NU18FNV29G\System.Windows.Forms.dll
+ 2009-10-14 10:07 . 2009-10-14 10:07 3391488 c:\windows\assembly\temp\HPW3AHPX4B\mscorlib.dll
+ 2009-10-14 10:06 . 2009-10-14 10:06 2088960 c:\windows\assembly\temp\9GNU18FMT0\System.Xml.dll
+ 2009-10-14 10:05 . 2009-10-14 10:05 1232896 c:\windows\assembly\temp\6ELRY4BIPV\System.dll
+ 2010-07-02 10:24 . 2010-07-02 10:24 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_3359f1b0\System.dll
+ 2010-07-02 10:25 . 2010-07-02 10:25 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_325096d0\System.dll
+ 2010-07-02 10:25 . 2010-07-02 10:25 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_72121c9c\System.Xml.dll
+ 2010-07-02 10:26 . 2010-07-02 10:26 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_145a608c\System.Xml.dll
+ 2010-07-02 10:26 . 2010-07-02 10:26 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_aa767c3e\System.Windows.Forms.dll
+ 2010-07-02 10:24 . 2010-07-02 10:24 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_6409fc22\System.Windows.Forms.dll
+ 2010-07-02 10:26 . 2010-07-02 10:26 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_09c120c5\System.Drawing.dll
+ 2010-07-02 10:26 . 2010-07-02 10:26 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_c4a4714e\System.Design.dll
+ 2010-07-02 10:25 . 2010-07-02 10:25 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_593d1e2e\System.Design.dll
+ 2010-07-02 10:26 . 2010-07-02 10:26 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_c34f40f7\mscorlib.dll
+ 2010-07-02 10:25 . 2010-07-02 10:25 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b653969c\mscorlib.dll
+ 2010-07-02 10:21 . 2010-07-02 10:21 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\190c2f2369a6141210a5d7d177137f7e\WindowsBase.ni.dll
+ 2010-07-02 10:29 . 2010-07-02 10:29 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\184e908cd254596501d087e3d48822b3\UIAutomationClientsideProviders.ni.dll
+ 2010-07-02 10:31 . 2010-07-02 10:31 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\685065db81812f383a68b2218dc00fcc\System.WorkflowServices.ni.dll
+ 2010-07-02 10:31 . 2010-07-02 10:31 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\597cfe784c504679ae45cea8e9a0ba58\System.Web.Extensions.ni.dll
+ 2010-07-02 10:31 . 2010-07-02 10:31 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e7c4f14d35b13a96b52b2fc37b44e542\System.ServiceModel.Web.ni.dll
+ 2010-07-02 10:08 . 2010-07-02 10:08 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\af859c8c333324fa5e47663c77324088\System.Runtime.Serialization.ni.dll
+ 2010-07-02 10:27 . 2010-07-02 10:27 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\07da8efabe895c0fb1ea23f61043061f\System.Printing.ni.dll
+ 2010-07-02 10:08 . 2010-07-02 10:08 1061888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\3a604ae05f017167907378e7d4e5b0be\System.IdentityModel.ni.dll
+ 2010-07-02 10:18 . 2010-07-02 10:18 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\69cd09a0746e97d831041788af045a20\System.Data.Services.ni.dll
+ 2010-07-02 10:06 . 2010-07-02 10:06 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\de2a519d43950d47e29a314833f487c3\System.Data.Linq.ni.dll
+ 2010-07-02 10:17 . 2010-07-02 10:17 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\e42f8c9a78c4a90c565c588a9e7cbf19\System.Data.Entity.ni.dll
+ 2010-07-02 10:27 . 2010-07-02 10:27 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\5257382e8e9de22950ea8e4e3a9de8dd\ReachFramework.ni.dll
+ 2010-07-02 10:26 . 2010-07-02 10:26 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\90243e38315236e14e3dfc584a1e80ce\PresentationUI.ni.dll
+ 2010-07-02 10:11 . 2010-07-02 10:11 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\61fda64879c8c22ddf5c16b6b0254fd8\Microsoft.Transactions.Bridge.ni.dll
+ 2010-07-02 10:20 . 2010-07-02 10:20 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-07-02 10:04 . 2010-07-02 10:04 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-07-02 10:20 . 2010-07-02 10:20 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2009-04-01 05:20 . 2009-04-01 05:20 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-07-02 10:20 . 2010-07-02 10:20 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-07-02 10:23 . 2010-07-02 10:23 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-10-14 10:05 . 2009-10-14 10:05 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-07-02 10:23 . 2010-07-02 10:23 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-10-14 10:05 . 2009-10-14 10:05 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2005-05-21 15:20 . 2010-05-28 19:37 32472008 c:\windows\system32\MRT.exe
+ 2006-11-08 05:03 . 2010-05-06 10:41 11076096 c:\windows\system32\ieframe.dll
+ 2007-05-09 20:43 . 2010-05-06 10:41 11076096 c:\windows\system32\dllcache\ieframe.dll
+ 2010-04-03 02:29 . 2010-04-03 02:29 11413504 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp
+ 2010-04-02 19:30 . 2010-04-02 19:30 17456640 c:\windows\Installer\7a1726.msp
+ 2010-04-25 00:09 . 2010-04-25 00:09 11750912 c:\windows\Installer\7a16ea.msp
+ 2010-03-31 08:23 . 2010-03-31 08:23 15638528 c:\windows\Installer\7a16e2.msp
+ 2010-04-12 05:17 . 2010-04-12 05:17 14599680 c:\windows\Installer\69acf5.msp
+ 2010-04-16 04:34 . 2010-04-16 04:34 17510912 c:\windows\Installer\69accd.msp
+ 2010-07-02 10:17 . 2010-02-25 18:54 11070976 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2010-07-02 10:10 . 2010-07-02 10:10 17313792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3561e1f73e31b746ba6c6d9275af13b3\System.ServiceModel.ni.dll
+ 2010-07-02 10:25 . 2010-07-02 10:25 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7a6651cdbf45007d2f5a8da2271f00d\PresentationFramework.ni.dll
+ 2010-07-02 10:22 . 2010-07-02 10:22 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5d389dc0bc93851f25fd17f6fda3607c\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"WD Button Manager"="WDBtnMgr.exe" [2008-08-11 364544]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 856064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2007-08-23 152952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-06-10 53248]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-3-31 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-7-26 113664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-01-19 19:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-02-21 01:18 366400 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"="c:\program files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HostManager"=c:\program files\Common Files\AOL\1146716064\ee\AOLSoftware.exe
"SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_06\bin\jusched.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"<NO NAME>"=

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1146716064\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1146716064\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/25/2010 4:31 AM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/25/2010 4:31 AM 17744]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [3/7/2010 4:15 PM 3032360]
S2 gupdate1c98e317d177200;Google Update Service (gupdate1c98e317d177200);c:\program files\Google\Update\GoogleUpdate.exe [2/13/2009 4:18 PM 133104]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [3/7/2010 4:15 PM 15144]
S4 AutoSyncService;Memeo AutoSync ;c:\program files\Memeo\AutoSync\MemeoService.exe [7/6/2007 6:28 PM 31768]
.
Contents of the 'Scheduled Tasks' folder

2010-06-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 23:18]

2010-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 23:18]

2010-07-02 c:\windows\Tasks\User_Feed_Synchronization-{784BEF3D-4451-4A26-9E9E-1185073AD2FC}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
LSP: gsp.dll
Trusted Zone: amazon.com\www
Trusted Zone: melaleuca.com\www
Trusted Zone: melaluca.com\www
Trusted Zone: microsoft.com\mail
Trusted Zone: parentorganizer.com
Trusted Zone: yahoo.com\www
FF - ProfilePath - c:\documents and settings\Brett\Application Data\Mozilla\Firefox\Profiles\ho9x2gce.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - plugin: c:\documents and settings\Brett\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Brett\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\windows\system32\DNAML\npdbplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2010-07-02 09:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Support.com\users\Lorrie Gow\DnaServerList\{INSTALL}\UpdatedList]
@DACL=(02 0000)
"TG_UPDATE_ACTIONS"=""
"TG_UPDATE_APPS"=""
"TG_UPDATE_CLIENTREG"=""
"TG_UPDATE_DEFAULTXML"=""
"TG_UPDATE_FILTERS"=""
"TG_UPDATE_JOBS"=""
"TG_UPDATE_OSLISTS"=""

[HKEY_LOCAL_MACHINE\software\Support.com\users\Lorrie Gow\DnaServerList\{INSTALL}\UpLoadedList]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(588)
c:\windows\system32\gsp.dll

- - - - - - - > 'explorer.exe'(2352)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-07-02 09:47:30
ComboFix-quarantined-files.txt 2010-07-02 16:47
ComboFix2.txt 2010-05-24 15:16
ComboFix3.txt 2010-05-20 08:14

Pre-Run: 5,101,346,816 bytes free
Post-Run: 5,113,884,672 bytes free

- - End Of File - - 62BE3E79A98C0857B8A8068C3C3F9753


Kaspersky Results:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, July 2, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, July 02, 2010 07:10:41
Records in database: 4260121
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 121835
Threats found: 6
Infected objects found: 10
Suspicious objects found: 0
Scan duration: 03:55:45


File name / Threat / Threats count
C:\Documents and Settings\Brett\Application Data\Sun\Java\Deployment\cache\6.0\57\36d2eeb9-19f5c81e Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Brett\Application Data\Sun\Java\Deployment\cache\6.0\57\36d2eeb9-19f5c81e Infected: Trojan-Downloader.Java.Agent.cd 1
C:\Documents and Settings\Brett\Application Data\Sun\Java\Deployment\cache\6.0\57\36d2eeb9-19f5c81e Infected: Trojan-Downloader.Java.OpenStream.al 1
C:\Documents and Settings\Brett\Application Data\Sun\Java\Deployment\cache\6.0\59\3106fdbb-4d774179 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Brett\Application Data\Sun\Java\Deployment\cache\6.0\59\3106fdbb-4d774179 Infected: Trojan-Downloader.Java.Agent.cd 1
C:\Documents and Settings\Brett\Application Data\Sun\Java\Deployment\cache\6.0\59\3106fdbb-4d774179 Infected: Trojan-Downloader.Java.OpenStream.al 1
C:\Documents and Settings\Brett\Application Data\Sun\Java\Deployment\cache\6.0\59\4d13647b-58c5d8ff Infected: Exploit.Java.ByteVerify 1
C:\System Volume Information\_restore{0AC768F2-3AB5-49A6-A966-92613413F6B7}\RP1903\A0204811.sys Infected: Rootkit.Win32.TDSS.ap 1
C:\System Volume Information\_restore{0AC768F2-3AB5-49A6-A966-92613413F6B7}\RP1904\A0204934.sys Infected: Rootkit.Win32.TDSS.ap 1
C:\WINDOWS\system32\ConTest.dll Infected: Trojan.Win32.BHO.lkl 1

Selected area has been scanned.


Thank you again for the help and assistance. It is greatly appreciated. Enjoy the 4th of July.

Be well - Brett
Old 07-03-2010, 08:02 AM   #12
TSF Security Manager
Emeritus
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Hi Brett,

On your keyboard, press the Windows Logo key and the letter 'E' to open Windows Explorer. Navigate to, and delete the following File (Right click and select 'delete'):

C:\WINDOWS\system32\ConTest.dll

===============================

Anytime you see infection in Sun\Java\Deployment\cache, all you need to do is clear the Sun Java cache. Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup) If you do not see the icon, look to your left and click 'Switch to Classic View'.
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.
=================================

The remainder of Kaspersky's findings are located in C:\System Volume Information\, which is where System Restore's cache is stored. Whatever is in there can't harm you unless you choose to perform a manual restore. Nevertheless, we shall be resetting/clearing the cache shortly.


If there aren't any more problems, we have some final housekeeping to tend to now. Please do not skip this step as it will implement important cleanup procedures, as well as reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point for you.


Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /uninstall

--------------------------------------------------------------------

Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.


To help protect your computer in the future I recommend that you follow these steps and look into the following free programs:
  • Microsoft Windows Update - https://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
    • SpywareBlaster is a preventative program. It sets flags in the registry to prevent the running of a specific list of bad spyware related ActiveX controls. It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

  • WOT (Web of Trust). As 'Googling' is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for both Firefox and IE.


  • Scan here https://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

  • BACKING UP YOUR REGISTRY
    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders System Restore unavailable by simple means. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles

**Kindly respond one more time and let me know if we may consider this thread resolved.

One more thing - you mentioned pop ups at particular sites. What sort of pop ups, and do they still occur after clearing your java cache?
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 07-11-2010, 01:59 PM   #13
Registered Member
 
Join Date: Mar 2005
Posts: 25
OS: xp



Ried,

I went through the final steps. Thank you very much for the help. I will look into the different programs you listed in your earlier post. Computer seems to be running fine now. Thank you again. Be well - Brett
Old 07-11-2010, 05:09 PM   #14
TSF Security Manager
Emeritus
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



You're welcome, Brett. Same to you and yours.