Google search links in Firefox redirect to different web sites


  • This topic is locked
25 replies to this topic

#1 maxsteele

maxsteele

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:55 AM

Posted 21 April 2010 - 10:11 AM

Thank you for taking the time to help me with this issue. In Firefox, when I click on Google search links, I will get random redirects to other similar web sites. I have tried normal scanning methods to locate this issue (Malwarebytes, Spybot, ESET Online), but I have been unsuccessful. I uninstalled / reinstalled Firefox and the issue is still there.

EDIT: While my computer was sitting idle, I had a blue screen. Here is the information from the blue screen:

STOP: 0x000000F4 (0x00000003, 0x8A2DBDA0, 0x8A2DBF14, 0x805C8C7C)

There was no other unique information on the blue screen.

Submitted for you are my DDS and GMER logs:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Max Steele at 0:28:46.79 on Wed 04/21/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1374 [GMT -7:00]

AV: avast! antivirus 4.8.1368 [VPS 100420-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Max Steele\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Max Steele\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Max Steele\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Max Steele\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Max Steele\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Max Steele\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Max Steele\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON WorkForce 500 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatieqa.exe /fu "c:\windows\temp\E_S447.tmp" /EF "HKCU"
uRun: [Google Update] "c:\documents and settings\max steele\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Steam] "e:\steam\Steam.exe" -silent
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [HotSync] "c:\program files\palmsource\desktop\HotSync.exe" -AllUsers
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [SMART Monitor] c:\program files\smart monitor\SMART Monitor.exe
mRun: [S.M.A.R.T. Assistant]
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\corece~1.lnk - c:\program files\msi\core center\CoreCenter.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
mPolicies-explorer: <NO NAME> =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: aol.com\free
DPF: {03A89EFD-E023-7700-A22D-45F77558EB4C} - hxxps://dhsnetlink.hr.state.or.us/iLinc/download/ilinci77.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249070965000
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\maxste~1\applic~1\mozilla\firefox\profiles\aumjcdqw.default\
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\max steele\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\max steele\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\max steele\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\max steele\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\documents and settings\max steele\local settings\application data\yahoo!\browserplus\2.4.17\plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-7-31 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-7-31 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-7-31 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-7-31 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-7-31 352920]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
R3 PCAlertDriver;PCAlertDriver;c:\program files\msi\core center\NTGLM7X.sys [2009-7-31 28160]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-10-2 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-2-20 24576]
S3 MsDepSvc;Web Deployment Agent Service;c:\program files\iis\microsoft web deploy\MsDepSvc.exe [2010-1-19 55184]

=============== Created Last 30 ================

2010-04-21 07:27:56 0 ----a-w- c:\documents and settings\max steele\defogger_reenable
2010-04-21 07:21:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-21 07:21:23 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 06:57:34 15664 ----a-w- C:\bookmarks-2010-04-20.json
2010-04-21 04:25:54 0 d-----w- c:\program files\ESET
2010-04-21 04:18:34 0 ----a-w- c:\windows\DbgOut.INI
2010-04-21 04:10:29 0 d-----w- c:\windows\system32\wbem\Repository
2010-04-21 04:09:36 0 d-----w- c:\windows\LastGood(2)
2010-04-20 16:32:41 0 d-----w- c:\program files\SUPERAntiSpyware
2010-04-20 16:32:41 0 d-----w- c:\docume~1\maxste~1\applic~1\SUPERAntiSpyware.com
2010-04-20 06:30:07 0 d-----w- c:\docume~1\maxste~1\applic~1\QuickScan
2010-04-20 06:10:37 0 d-----w- c:\docume~1\maxste~1\applic~1\Malwarebytes
2010-04-20 06:10:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-20 06:10:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-19 14:52:50 0 d-----w- C:\SAHFF
2010-04-19 06:38:13 0 d-----w- c:\docume~1\maxste~1\applic~1\ManyCam
2010-04-17 19:12:23 0 d-----w- c:\docume~1\maxste~1\applic~1\EVEMon
2010-04-17 03:24:10 25 ----a-w- c:\windows\herjek.config
2010-04-16 02:08:09 0 d-----w- C:\ProgramData
2010-04-16 02:06:30 0 d-----w- c:\program files\Dominic Cranes Dreamscape Mystery
2010-04-09 02:56:37 0 d-----w- c:\docume~1\maxste~1\applic~1\Nevosoft
2010-04-09 02:49:00 0 d-----w- c:\program files\Vampireville
2010-04-07 21:33:44 0 d-----w- c:\docume~1\maxste~1\applic~1\QB9
2010-04-07 21:27:46 0 d-----w- c:\program files\Doors of the Mind - Inner Mysteries
2010-04-07 02:39:05 0 d-----w- c:\docume~1\maxste~1\applic~1\Artogon
2010-04-05 02:11:31 0 d-----w- c:\docume~1\maxste~1\applic~1\DarkParablesBriarRoseSE_BFG
2010-04-05 01:22:13 0 d-----w- c:\program files\Dark Parables - Curse of Briar Rose
2010-03-31 17:43:58 0 d-----w- c:\program files\Alexey V.Voronin
2010-03-31 17:28:36 0 d-----w- c:\program files\SMART Monitor

==================== Find3M ====================

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 02:00:55 4096 ----a-w- c:\windows\d3dx.dat
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-21 00:22:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
2010-02-21 00:22:31 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-02-17 16:10:28 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-04 18:01:14 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 18:01:14 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 18:01:14 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 18:01:14 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-01-25 02:14:49 70984 ----a-w- c:\documents and settings\max steele\g2mdlhlpx.exe
2002-08-01 03:55:12 108 --sh--w- c:\windows\WSYS049.SYS

============= FINISH: 0:29:31.90 ===============

Edited by maxsteele, 21 April 2010 - 10:48 AM.


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:04:55 PM

Posted 27 April 2010 - 08:34 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!
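The /md5start ... /md5stop block in the custom scan above asks OTL to hash the listed storage and logon drivers so those hashes can be compared with known-clean copies; a driver whose hash no longer matches the clean image is what a helper looks at first when a system redirects searches. The script below is an added example and is not part of this thread or of OTL; it performs that baseline comparison in Python. The driver directory, the file contents and the baseline hashes are constructed placeholders built in a temporary folder so the script runs offline.

```python
"""Hash a list of driver / DLL files and compare each against a known-good baseline.

Added example (not OTL's code). The sample directory, file contents and the
baseline dictionary are constructed placeholders, not hashes of real drivers.
"""
import hashlib
import os
import tempfile


def md5_file(path, chunk=65536):
    """MD5 of a file, read in chunks so large driver images do not load into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_against_baseline(root, names, baseline):
    """Return {name: status} for every file in `names` under `root`.

    Statuses: 'ok' (hash matches baseline), 'MISMATCH' (file present but hash differs),
    'missing' (file absent, normal for drivers the machine never installed),
    'unknown' (file present but no baseline value to compare against).
    """
    results = {}
    for name in names:
        path = os.path.join(root, name)
        if not os.path.exists(path):
            results[name] = "missing"
            continue
        digest = md5_file(path)
        expected = baseline.get(name.lower())  # baseline keys are stored lower-case
        if expected is None:
            results[name] = "unknown"
        elif digest == expected.lower():
            results[name] = "ok"
        else:
            results[name] = "MISMATCH"
    return results


def demo():
    """Build a constructed driver folder, tamper with one file, and run the check."""
    with tempfile.TemporaryDirectory() as root:
        clean = b"placeholder contents standing in for a clean driver image"
        for name in ("atapi.sys", "AGP440.sys", "netlogon.dll"):
            with open(os.path.join(root, name), "wb") as f:
                f.write(clean)
        # Baseline taken from the clean image (constructed; real baselines come from a trusted source).
        baseline = {n: hashlib.md5(clean).hexdigest() for n in ("atapi.sys", "agp440.sys", "netlogon.dll")}
        # A file that exists on disk but for which we hold no baseline value.
        with open(os.path.join(root, "eventlog.dll"), "wb") as f:
            f.write(b"different placeholder contents")
        # Simulate a modified driver: append bytes to atapi.sys so its hash changes.
        with open(os.path.join(root, "atapi.sys"), "ab") as f:
            f.write(b"appended bytes")
        # Names mirror part of the list in the OTL custom scan; iaStor.sys is deliberately absent.
        names = ["atapi.sys", "AGP440.sys", "netlogon.dll", "eventlog.dll", "iaStor.sys"]
        return check_against_baseline(root, names, baseline)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:14} {status}")
```

Only the MISMATCH rows need attention; 'missing' is expected for drivers the hardware never needed, and 'unknown' just means the baseline has no entry to compare. The same comparison works unchanged with SHA-256 by swapping `hashlib.md5` for `hashlib.sha256` on both sides.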



#3 maxsteele

maxsteele
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:55 AM

Posted 27 April 2010 - 10:29 PM

Greetings Myrti,

Thank you for looking at my PC issue! I greatly appreciate the time you are giving to fix this. I have had this system disconnected from the internet since the initial posting of this issue.

As requested, here are the OTL.txt and Extras.txt files from the OTL program:

OTL.txt:

OTL logfile created on: 4/27/2010 8:15:32 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Max Steele\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.07 Gb Total Space | 7.36 Gb Free Space | 18.84% Space Free | Partition Type: NTFS
Drive D: | 3.87 Gb Total Space | 0.83 Gb Free Space | 21.44% Space Free | Partition Type: FAT32
Drive E: | 186.31 Gb Total Space | 132.14 Gb Free Space | 70.92% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 7.33 Gb Total Space | 7.00 Gb Free Space | 95.50% Space Free | Partition Type: FAT32

Computer Name: STEELE
Current User Name: Max Steele
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/27 20:13:14 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Max Steele\Desktop\OTL.exe
PRC - [2009/11/24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 16:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/02/14 16:29:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/17 04:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2005/07/19 18:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE


========== Modules (SafeList) ==========

MOD - [2010/04/27 20:13:14 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Max Steele\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/01/19 17:49:14 | 000,055,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2009/11/24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 16:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/10/02 14:34:14 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/08/19 12:08:20 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/02/14 16:29:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/12/17 04:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV - [2010/01/24 08:36:41 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2009/11/24 16:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 16:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 16:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 16:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 16:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 16:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/07/21 09:30:48 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/06/23 13:38:26 | 000,189,464 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2009/06/23 13:38:16 | 000,162,840 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2009/06/23 13:38:06 | 000,798,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2009/06/23 13:37:54 | 000,092,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/23 13:37:32 | 000,157,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/23 13:37:22 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/23 13:37:10 | 000,127,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/23 13:36:36 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/23 13:36:24 | 000,528,408 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/23 13:36:14 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/23 13:35:04 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2009/06/23 13:35:04 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2009/06/23 13:34:52 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2009/06/23 13:34:52 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2009/06/23 13:34:40 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2009/06/23 13:34:40 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2009/06/23 13:34:30 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2009/06/23 13:34:30 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2009/06/10 17:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008/08/01 18:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 18:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/03/06 11:51:14 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/12/04 17:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/03/08 14:34:46 | 004,027,840 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006/12/19 10:49:08 | 000,041,472 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Core Center\RushTop.sys -- (RushTopDevice)
DRV - [2006/10/24 16:21:58 | 000,028,160 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Core Center\NTGLM7X.sys -- (PCAlertDriver)
DRV - [2006/09/13 11:36:36 | 000,006,784 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2005/08/18 17:52:06 | 000,093,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/05/27 10:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2005/05/27 10:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/08/11 16:30:00 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-823518204-1284227242-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/21 00:04:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/21 00:03:53 | 000,000,000 | ---D | M]

[2010/04/21 00:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max Steele\Application Data\Mozilla\Extensions
[2010/04/21 00:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max Steele\Application Data\Mozilla\Firefox\Profiles\aumjcdqw.default\extensions
[2010/04/21 00:05:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Max Steele\Application Data\Mozilla\Firefox\Profiles\aumjcdqw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/21 00:03:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/03 13:17:13 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/09/11 15:00:52 | 000,044,360 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2009/09/11 15:00:52 | 000,107,928 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2009/09/11 15:00:51 | 000,057,240 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/01/07 09:58:30 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2010/03/06 15:54:36 | 000,362,792 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 12470 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [HotSync] C:\Program Files\PalmSource\Desktop\HotSync.exe File not found
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [S.M.A.R.T. Assistant] File not found
O4 - HKLM..\Run: [SMART Monitor] C:\Program Files\SMART Monitor\SMART Monitor.exe File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-823518204-1284227242-725345543-1003..\Run: [EPSON WorkForce 500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-823518204-1284227242-725345543-1003..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-823518204-1284227242-725345543-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-823518204-1284227242-725345543-1003..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-823518204-1284227242-725345543-1003..\Run: [Steam] E:\steam\Steam.exe (Valve Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-1284227242-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O15 - HKU\S-1-5-21-823518204-1284227242-725345543-1003\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {03A89EFD-E023-7700-A22D-45F77558EB4C} https://dhsnetlink.hr.state.or.us/iLinc/dow...ad/ilinci77.dll (ILINCInstall77 Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1249070965000 (WUWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareup...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Max Steele\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Max Steele\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/31 10:49:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b6c18090-7db9-11de-8b13-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{b6c18090-7db9-11de-8b13-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b6c18090-7db9-11de-8b13-806d6172696f}\Shell\AutoRun\command - "" = F:\TurboTax2009Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/07/31 03:32:30 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/27 20:14:28 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Max Steele\Desktop\OTL.exe
[2010/04/24 08:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max Steele\Application Data\Nero
[2010/04/24 08:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/04/24 08:17:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/04/24 08:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/04/21 00:21:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/21 00:21:23 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/21 00:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/04/20 21:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/04/20 21:09:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)
[2010/04/20 20:57:59 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/04/20 09:32:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max Steele\Application Data\SUPERAntiSpyware.com
[2010/04/20 09:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/19 23:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max Steele\Application Data\QuickScan
[2010/04/19 23:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max Steele\Application Data\Malwarebytes
[2010/04/19 23:10:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/19 23:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/19 20:56:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/04/19 07:52:50 | 000,000,000 | ---D | C] -- C:\SAHFF
[2010/04/18 23:38:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max Steele\Application Data\ManyCam
[2010/04/17 12:12:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max Steele\Application Data\EVEMon
[2010/04/15 19:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData
[2010/04/15 19:06:30 | 000,000,000 | ---D | C] -- C:\Program Files\Dominic Cranes Dreamscape Mystery
[2010/04/08 19:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max Steele\Application Data\Nevosoft
[2010/04/08 19:49:00 | 000,000,000 | ---D | C] -- C:\Program Files\Vampireville
[2010/04/07 14:33:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max Steele\Application Data\QB9
[2010/04/07 14:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\Doors of the Mind - Inner Mysteries
[2010/04/06 19:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max Steele\Application Data\Artogon
[2010/04/04 19:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max Steele\Application Data\DarkParablesBriarRoseSE_BFG
[2010/04/04 18:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\Dark Parables - Curse of Briar Rose
[2010/03/31 10:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\Alexey V.Voronin
[2010/03/31 10:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\SMART Monitor
[2009/06/23 11:49:14 | 000,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/27 20:13:14 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Max Steele\Desktop\OTL.exe
[2010/04/27 20:08:05 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/27 19:37:05 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1284227242-725345543-1003UA.job
[2010/04/27 04:08:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/27 01:37:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1284227242-725345543-1003Core.job
[2010/04/26 18:24:34 | 003,162,278 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000009-00001102-00000004-00521102}.CDF
[2010/04/26 18:24:34 | 003,162,278 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000009-00001102-00000004-00521102}.BAK
[2010/04/26 12:41:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/26 12:41:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/26 12:41:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/26 12:30:48 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000009-00001102-00000004-00521102}.rfx
[2010/04/26 12:30:48 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000009-00001102-00000004-00521102}.rfx
[2010/04/26 12:30:48 | 000,027,408 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000009-00001102-00000004-00521102}.rfx
[2010/04/26 12:30:48 | 000,027,408 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000009-00001102-00000004-00521102}.rfx
[2010/04/26 12:30:48 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000009-00001102-00000004-00521102}.rfx
[2010/04/26 12:30:25 | 008,531,968 | ---- | M] () -- C:\Documents and Settings\Max Steele\ntuser.dat
[2010/04/26 12:30:25 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Max Steele\ntuser.ini
[2010/04/24 08:19:07 | 000,002,361 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk
[2010/04/21 00:27:56 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Max Steele\defogger_reenable
[2010/04/20 23:57:34 | 000,015,664 | ---- | M] () -- C:\bookmarks-2010-04-20.json
[2010/04/20 21:18:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\DbgOut.INI
[2010/04/20 21:03:33 | 003,717,998 | -H-- | M] () -- C:\Documents and Settings\Max Steele\Local Settings\Application Data\IconCache.db
[2010/04/19 23:24:27 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/19 11:38:00 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\Install_NSS.job
[2010/04/18 23:23:13 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/18 23:23:13 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/18 18:36:07 | 000,007,923 | ---- | M] () -- C:\Documents and Settings\Max Steele\Desktop\clip2_73b.gif
[2010/04/18 17:28:25 | 000,136,413 | ---- | M] () -- C:\Documents and Settings\Max Steele\Desktop\sahff3.jpg
[2010/04/18 17:27:47 | 000,115,572 | ---- | M] () -- C:\Documents and Settings\Max Steele\Desktop\Sahff2.jpg
[2010/04/18 17:26:55 | 000,098,590 | ---- | M] () -- C:\Documents and Settings\Max Steele\Desktop\Sahff1.jpg
[2010/04/18 17:19:41 | 000,246,928 | ---- | M] () -- C:\Documents and Settings\Max Steele\Desktop\SAHFFplaydate.jpg
[2010/04/17 22:48:05 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Max Steele\My Documents\episodes from liberty city.doc
[2010/04/17 04:10:45 | 000,001,949 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/16 20:24:10 | 000,000,025 | ---- | M] () -- C:\WINDOWS\herjek.config
[2010/04/16 15:10:07 | 000,769,536 | ---- | M] () -- C:\Documents and Settings\Max Steele\Desktop\screenshot.doc
[2010/04/15 19:07:31 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Dominic Crane's Dreamscape Mystery.lnk
[2010/04/15 19:07:31 | 000,001,232 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2010/04/14 14:00:53 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Max Steele\My Documents\Shopping List.XLS
[2010/04/14 03:05:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/08 22:31:16 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Max Steele\My Documents\Things to Do Today.doc
[2010/04/08 22:28:47 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Max Steele\Desktop\tax retun money.xls
[2010/04/08 19:50:27 | 000,001,636 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Vampireville.lnk
[2010/04/08 11:40:48 | 001,444,753 | ---- | M] () -- C:\Documents and Settings\Max Steele\My Documents\Woodlt001.pdf
[2010/04/07 14:28:36 | 000,001,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Doors of the Mind - Inner Mysteries.lnk
[2010/04/06 20:47:35 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\Max Steele\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/04 18:23:15 | 000,001,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Dark Parables - Curse of Briar Rose.lnk
[2010/04/04 18:16:23 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 18:44:20 | 000,492,419 | ---- | M] () -- C:\Documents and Settings\Max Steele\Desktop\luna.jpg
[2010/03/28 23:14:51 | 000,000,299 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Wizard101.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/24 08:19:07 | 000,002,361 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk
[2010/04/21 00:32:02 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Max Steele\Desktop\gmer.exe
[2010/04/21 00:27:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Max Steele\defogger_reenable
[2010/04/20 23:57:34 | 000,015,664 | ---- | C] () -- C:\bookmarks-2010-04-20.json
[2010/04/20 21:18:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DbgOut.INI
[2010/04/18 23:38:18 | 000,000,374 | ---- | C] () -- C:\WINDOWS\tasks\Install_NSS.job
[2010/04/18 18:36:06 | 000,007,923 | ---- | C] () -- C:\Documents and Settings\Max Steele\Desktop\clip2_73b.gif
[2010/04/18 17:28:23 | 000,136,413 | ---- | C] () -- C:\Documents and Settings\Max Steele\Desktop\sahff3.jpg
[2010/04/18 17:27:45 | 000,115,572 | ---- | C] () -- C:\Documents and Settings\Max Steele\Desktop\Sahff2.jpg
[2010/04/18 17:26:53 | 000,098,590 | ---- | C] () -- C:\Documents and Settings\Max Steele\Desktop\Sahff1.jpg
[2010/04/18 17:19:39 | 000,246,928 | ---- | C] () -- C:\Documents and Settings\Max Steele\Desktop\SAHFFplaydate.jpg
[2010/04/17 22:48:05 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Max Steele\My Documents\episodes from liberty city.doc
[2010/04/17 05:21:32 | 008,531,968 | ---- | C] () -- C:\Documents and Settings\Max Steele\ntuser.dat
[2010/04/17 04:10:45 | 000,001,949 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/16 20:24:10 | 000,000,025 | ---- | C] () -- C:\WINDOWS\herjek.config
[2010/04/16 15:09:55 | 000,769,536 | ---- | C] () -- C:\Documents and Settings\Max Steele\Desktop\screenshot.doc
[2010/04/15 19:07:31 | 000,001,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Dominic Crane's Dreamscape Mystery.lnk
[2010/04/15 19:07:31 | 000,001,232 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2010/04/08 19:50:27 | 000,001,636 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Vampireville.lnk
[2010/04/08 11:45:40 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Max Steele\My Documents\Things to Do Today.doc
[2010/04/08 11:40:44 | 001,444,753 | ---- | C] () -- C:\Documents and Settings\Max Steele\My Documents\Woodlt001.pdf
[2010/04/07 14:28:36 | 000,001,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Doors of the Mind - Inner Mysteries.lnk
[2010/04/04 18:23:15 | 000,001,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Dark Parables - Curse of Briar Rose.lnk
[2010/04/04 18:16:23 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2010/03/29 18:44:17 | 000,492,419 | ---- | C] () -- C:\Documents and Settings\Max Steele\Desktop\luna.jpg
[2010/03/28 23:14:51 | 000,000,299 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Wizard101.lnk
[2010/03/10 20:47:26 | 000,000,108 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2010/02/06 13:06:49 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2010/02/06 13:06:49 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/12/14 11:10:04 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/12/14 11:10:04 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/09/27 21:18:20 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009/09/27 21:14:56 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/09/27 21:14:06 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2009/09/22 23:48:11 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/08/04 08:57:22 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/07/31 22:50:29 | 000,273,408 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2009/07/31 20:01:52 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/07/31 19:20:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/07/31 15:12:14 | 000,000,011 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2009/07/31 13:17:03 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2009/06/23 12:29:50 | 000,049,719 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/06/23 12:29:48 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/06/23 11:51:00 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/08/13 20:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2007/04/12 08:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2006/10/02 17:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2005/10/14 16:09:48 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2003/01/07 08:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/15 15:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/09/26 22:10:30 | 079,031,640 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\9-8_legacy_xp32-64_dd_ccc.exe
[2009/10/02 14:17:42 | 004,179,293 | ---- | M] (Lavalys, Inc. ) -- C:\everesthome220.exe
[2009/07/31 19:48:15 | 123,368,360 | ---- | M] (Microsoft Corporation) -- C:\Office2003SP3-KB923618-FullFile-ENU.exe
[2009/10/02 13:54:10 | 039,451,456 | ---- | M] (Creative Technology Ltd) -- C:\SBAX_PCDRV_LB_2_18_0011.exe


< MD5 for: AGP440.SYS >
[2004/08/03 16:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/07/31 13:36:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/07/31 13:36:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/03 16:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/07/31 13:36:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/07/31 13:36:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 13:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 13:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
[2004/08/03 13:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 15:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 15:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATA.SYS >
[2005/08/18 17:52:06 | 000,093,568 | R--- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: SCECLI.DLL >
[2004/08/03 15:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/07/31 03:34:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/07/31 03:34:58 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/07/31 03:34:58 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 06:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 237 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE
@Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A032A04
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F84B8DB5
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88A44CC1
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57176330
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5080697C
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E411AA0D
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C67CB31A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56C17A93
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1ECED34B
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A688EF17
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEB25EAE
< End of report >

_________________________________________________________________________________________________

Extras.txt:

OTL Extras logfile created on: 4/27/2010 8:15:32 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Max Steele\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.07 Gb Total Space | 7.36 Gb Free Space | 18.84% Space Free | Partition Type: NTFS
Drive D: | 3.87 Gb Total Space | 0.83 Gb Free Space | 21.44% Space Free | Partition Type: FAT32
Drive E: | 186.31 Gb Total Space | 132.14 Gb Free Space | 70.92% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 7.33 Gb Total Space | 7.00 Gb Free Space | 95.50% Space Free | Partition Type: FAT32

Computer Name: STEELE
Current User Name: Max Steele
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-823518204-1284227242-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57859:TCP" = 57859:TCP:*:Enabled:Pando Media Booster
"57859:UDP" = 57859:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"57859:TCP" = 57859:TCP:*:Enabled:Pando Media Booster
"57859:UDP" = 57859:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"58001:TCP" = 58001:TCP:*:Enabled:Pando Media Booster
"58001:UDP" = 58001:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"E:\eve\bin\ExeFile.exe" = E:\eve\bin\ExeFile.exe:*:Enabled:CCP ExeFile -- (CCP hf.)
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\DOCUME~1\MAXSTE~1\LOCALS~1\Temp\CS4.exe" = C:\DOCUME~1\MAXSTE~1\LOCALS~1\Temp\CS4.exe:*:Enabled:Windows Center -- File not found
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\DOCUME~1\MAXSTE~1\LOCALS~1\Temp\eraseme_50218.exe" = C:\DOCUME~1\MAXSTE~1\LOCALS~1\Temp\eraseme_50218.exe:*:Enabled:Windows Center -- File not found
"E:\DDO Unlimited\dndclient.exe" = E:\DDO Unlimited\dndclient.exe:*:Enabled:dndclient -- File not found
"E:\ORDER OF WAR (DEMO)\oow_final.bin" = E:\ORDER OF WAR (DEMO)\oow_final.bin:*:Enabled:Tue Jul 28 19:56:36 2009 -- File not found
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"E:\steam\Steam.exe" = E:\steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"E:\mule\data\lib\jre\bin\java.exe" = E:\mule\data\lib\jre\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"E:\TVersity\Media Server\MediaServer.exe" = E:\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- File not found
"E:\steam\steamapps\common\torchlight\Torchlight.exe" = E:\steam\steamapps\common\torchlight\Torchlight.exe:*:Enabled:Torchlight -- (Runic Games, Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"E:\Mortal Online\Mortal Online Launcher.exe" = E:\Mortal Online\Mortal Online Launcher.exe:*:Enabled:Mortal Online Launcher -- File not found
"E:\Mortal Online\mortalonline\UnrealEngine3\Binaries\Win32\NowGame.exe" = E:\Mortal Online\mortalonline\UnrealEngine3\Binaries\Win32\NowGame.exe:*:Enabled:NowGame -- File not found
"E:\Darkfall US\Lobby.exe" = E:\Darkfall US\Lobby.exe:*:Enabled:Lobby -- File not found
"C:\WINDOWS\asam.exe" = C:\WINDOWS\asam.exe:*:Enabled:enable -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0893078B-8A9A-84D6-D393-119B9B0B033A}" = CCC Help French
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0E2A60F7-2907-5718-FF16-7D8FAF70051E}" = CCC Help Chinese Standard
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{136E7A33-97D9-435C-BFDE-6A1327F2C235}" = MySQL Server 5.1
"{14FAE013-AE19-4FC9-B5BF-E56ADC01ECE6}" = CCC Help Turkish
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17BB2784-6EE4-D7FF-FE63-58A3AD2B3708}" = CCC Help Russian
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{233588CF-96D5-46AF-EF74-7EC382662791}" = Catalyst Control Center Graphics Full Existing
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 15
"{3260ECBC-9DDF-E7A3-0863-449473BC7BD5}" = CCC Help Chinese Traditional
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39C6C229-CFFD-639E-229A-E463FCD87478}" = CCC Help German
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{4F11FC80-CE8C-1BD4-5C39-EBE5744E5135}" = CCC Help Portuguese
"{4FAB2BA7-E16C-95D2-F326-60A68409373F}" = Catalyst Control Center HydraVision Full
"{529AA9A8-5020-6CFB-A809-BC5943C87077}" = CCC Help Thai
"{53604297-26FD-516D-6FF7-1063BA64A0A4}" = Catalyst Control Center Graphics Light
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55BD3B0B-F054-9341-514F-295A5F7EA450}" = CCC Help Spanish
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A4FA9C8-ED56-08C3-153B-FC5C19256290}" = CCC Help Dutch
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5FD88490-011C-4DF1-B886-F298D955171B}" = MySQL Connector Net 5.2.5
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C390D51-E5F0-4FCD-24C4-731ACAF34571}" = CCC Help Japanese
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7AA8FA9A-1656-7DBD-633B-FE7A62BBED0C}" = CCC Help Czech
"{81A075BA-D267-4866-88AC-1602CEFD0194}" = DigiDelivery
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C22131B-8634-CECF-F0D1-A2ECC160B450}" = CCC Help Norwegian
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90FBE4D0-2ACA-A8A8-2CC4-CFFBAE528504}" = CCC Help Finnish
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9D74375E-3012-E7D2-9229-B220C91F326A}" = Catalyst Control Center Core Implementation
"{9EBDAF91-DADA-47CE-94F2-F5B004007934}" = System Requirements Lab
"{9EE8BDCA-7505-4895-D91E-8108DD16292E}" = CCC Help English
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8AF8BD3-61B5-7945-4D1B-217421F604FC}" = CCC Help Hungarian
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AA46E1C5-A709-6D9B-D99D-92E4C6E042A9}" = CCC Help Korean
"{AA62A33C-9E5E-3913-7D88-7E58A8CB1493}" = CCC Help Greek
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B653F643-A1B4-9936-2DB6-FEA9A3110D8D}" = ccc-core-preinstall
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B67C01B3-8502-4BE7-AEAB-BBDE910AD3EE}" = Microsoft Web Platform Installer 2.0
"{B71C4637-0247-78CE-6A3D-D61645CB8921}" = ccc-utility
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{b9b7a12b-e93e-4eb8-ad62-a51badc4559b}" = Nero 9 Essentials
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC2E7C0B-1AC6-5F6C-F31D-E1E72D8E0B5C}" = CCC Help Danish
"{BF8C7DA7-2DE6-ED67-6C82-6BE82F8BA8D3}" = Catalyst Control Center Graphics Full New
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C409F338-BB20-6C4A-F40D-20CA07AF714C}" = CCC Help Polish
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4B7B2DC-E688-A9D6-6EC0-56AE540E074C}" = Catalyst Control Center Localization All
"{D9CD701B-3F04-FC69-D974-F3A7F5E9BA30}" = CCC Help Swedish
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E213321B-1E88-B38D-DAB2-D8CB9355984A}" = Skins
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{EB5F211D-85D5-44C4-BB15-1207C77EF430}" = Visual C++ 8.0 Runtime Setup Package
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F2AB2488-A0BF-4A9B-98A9-A88CF20FD2FF}" = Meeting Manager for Internet Explorer
"{F4148D8F-ED3A-3097-509C-04D5560220F9}" = ccc-core-static
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F7E68997-E626-952B-A7BF-F72066CD5D77}" = Catalyst Control Center Graphics Previews Common
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA36C82B-464D-51F2-A6A1-0BC9140BE067}" = CCC Help Italian
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ActiveTouchMeetingClient" = Meeting Service
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AudioCS" = Creative Audio Console
"avast!" = avast! Antivirus
"Belarc Advisor" = Belarc Advisor 8.1
"BFGC" = Big Fish Games: Game Manager
"BFG-Dark Parables - Curse of Briar Rose" = Dark Parables: Curse of Briar Rose
"BFG-Dominic Crane's Dreamscape Mystery" = Dominic Crane's Dreamscape Mystery
"BFG-Doors of the Mind - Inner Mysteries" = Doors of the Mind: Inner Mysteries
"BFG-Vampireville" = Vampireville
"CoffeeCup Visual Site Designer Software" = CoffeeCup Visual Site Designer Software
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Core Center" = Core Center
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 500 Series" = EPSON WorkForce 500 Series Printer Uninstall
"ESET Online Scanner" = ESET Online Scanner v3
"EVE" = EVE Online (remove only)
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"ie8" = Windows Internet Explorer 8
"Lair of the Leviathan" = Tales of Monkey Island - Lair of the Leviathan
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"QcDrv" = Logitech® Camera Driver
"Rise of the Pirate God" = Tales of Monkey Island - Rise of the Pirate God
"S.M.A.R.T. Assistant_is1" = S.M.A.R.T. Assistant 1.4
"Station Launcher" = Station Launcher
"Steam App 41510" = Torchlight - Demo
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WinAVI Video Converter 9.09.0" = WinAVI Video Converter 9.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-823518204-1284227242-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.1.0.366
"Move Media Player" = Move Media Player
"SOE-Free Realms" = Free Realms
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
"Wurm Online 2.6.8" = Wurm Online 2.6.8
"Wurm Online 2.7.0-2486 [unstable]" = Wurm Online 2.7.0-2486 [unstable]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/3/2009 5:25:16 PM | Computer Name = STEELE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\sclgntfy.dll failed, 0000A413.

Error - 11/3/2009 5:25:16 PM | Computer Name = STEELE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\ES.DLL failed, 0000A413.

Error - 11/3/2009 5:25:20 PM | Computer Name = STEELE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\KBDUS.DLL failed, 0000A413.

Error - 11/3/2009 5:25:20 PM | Computer Name = STEELE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\wuaueng.dll failed, 0000A413.

Error - 11/3/2009 5:25:20 PM | Computer Name = STEELE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\wuaueng.dll.mui failed, 0000A413.

Error - 11/7/2009 11:31:14 AM | Computer Name = STEELE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://magazine.wired.com/ecom/targetedOff...ail_subServices
failed, 0000A413.

Error - 11/10/2009 8:19:36 PM | Computer Name = STEELE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://rt21.infolinks.com/action/dwq.htm?p...%20brown%7Cthe%
failed, 0000A413.

Error - 11/20/2009 2:59:17 PM | Computer Name = STEELE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://0-imageserver.ebscohost.com.shoen.i...stController.js
failed, 0000A413.

Error - 11/22/2009 9:40:28 PM | Computer Name = STEELE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Max Steele\Application Data\Mozilla\Firefox\Profiles\1olryupg.default\sessionstore-1.js
failed, 0000A413.

Error - 1/20/2010 3:12:42 PM | Computer Name = STEELE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://boost4-downloads.members.easynews.c...%20Princess.iso
failed, 00000084.

[ System Events ]
Error - 4/19/2010 2:19:58 AM | Computer Name = STEELE | Source = Service Control Manager | ID = 7034
Description = The Machine Debug Manager service terminated unexpectedly. It has
done this 2 time(s).

Error - 4/19/2010 2:20:04 AM | Computer Name = STEELE | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/19/2010 11:57:01 PM | Computer Name = STEELE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/19/2010 11:58:08 PM | Computer Name = STEELE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AmdK8 aswSP BANTExt Fips

Error - 4/19/2010 11:59:18 PM | Computer Name = STEELE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/20/2010 2:19:32 AM | Computer Name = STEELE | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 4/23/2010 7:03:22 PM | Computer Name = STEELE | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 4/25/2010 7:03:23 PM | Computer Name = STEELE | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 4/26/2010 9:14:46 PM | Computer Name = STEELE | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 8a2dbda0, parameter3
8a2dbf14, parameter4 805c8c7c.

Error - 4/27/2010 7:03:24 PM | Computer Name = STEELE | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >
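A triage helper for the "Last 10 Event Log Errors" block in the OTL log above, added here as an example (it is not part of this thread, nor a tool from OTL or ComboFix): it parses each "Error - ... | Source = ... | ID = ..." header together with the wrapped Description lines that follow it, lists the drivers named in the Service Control Manager 7026 event, and pulls the STOP code and its parameters out of the System Error 1003 event. The sample input is a constructed subset copied from the entries posted above.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: four of the event entries posted above, copied verbatim.
SAMPLE = r"""
[ Antivirus Events ]
Error - 11/3/2009 5:25:16 PM | Computer Name = STEELE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\sclgntfy.dll failed, 0000A413.

[ System Events ]
Error - 4/19/2010 11:58:08 PM | Computer Name = STEELE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AmdK8 aswSP BANTExt Fips

Error - 4/23/2010 7:03:22 PM | Computer Name = STEELE | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 4/26/2010 9:14:46 PM | Computer Name = STEELE | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 8a2dbda0, parameter3
8a2dbf14, parameter4 805c8c7c.
"""

HEADER_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$"
)


@dataclass
class EventError:
    when: str
    host: str
    source: str
    event_id: int
    description: str


def parse_event_errors(text: str) -> list[EventError]:
    """Parse the OTL event-error block: an 'Error - ... | ID = n' header,
    then a 'Description = ...' line that OTL wraps onto further lines;
    a blank line or a '[ Section ]' marker ends the entry."""
    events: list[EventError] = []
    header: dict | None = None
    desc_lines: list[str] = []

    def flush() -> None:
        nonlocal header, desc_lines
        if header is not None:
            desc = " ".join(s.strip() for s in desc_lines)
            events.append(EventError(description=desc.removeprefix("Description = "), **header))
        header, desc_lines = None, []

    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            flush()
            header = {"when": m["when"], "host": m["host"],
                      "source": m["source"], "event_id": int(m["id"])}
        elif not line.strip() or (line.startswith("[ ") and line.endswith(" ]")):
            flush()  # blank separator or a marker such as "[ System Events ]"
        elif header is not None:
            desc_lines.append(line)
    flush()
    return events


def failed_boot_drivers(events: list[EventError]) -> list[str]:
    """Driver names from Service Control Manager event 7026 ('failed to load').
    Cross-check them against the security software that should own them: the
    ComboFix log later in this thread lists aswSP as 'avast! Self Protection'."""
    names: list[str] = []
    for ev in events:
        if ev.source == "Service Control Manager" and ev.event_id == 7026:
            names.extend(ev.description.partition("failed to load:")[2].split())
    return names


def bugcheck_parameters(events: list[EventError]) -> list[int] | None:
    """STOP code plus its four parameters from System Error event 1003.
    The log wraps that sentence mid-way, so match the five 8-digit hex
    values only after the description lines have been joined."""
    for ev in events:
        if ev.source == "System Error" and ev.event_id == 1003:
            return [int(w, 16) for w in re.findall(r"\b[0-9a-f]{8}\b", ev.description)]
    return None


def count_by_source_and_id(events: list[EventError]) -> Counter:
    """Error volume per (Source, ID): the first thing to eyeball in triage."""
    return Counter((ev.source, ev.event_id) for ev in events)
```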



#4 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:04:55 PM

Posted 29 April 2010 - 03:56 AM

Hi,

you have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run ComboFix and post the log in your next reply:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 maxsteele
  • Topic Starter

  • Members
  • 13 posts
  • Local time:07:55 AM

Posted 29 April 2010 - 12:47 PM

Hi Myrti,

I was afraid you would discover a root kit on the system. Fortunately, I have had my system disconnected from the internet since discovery of issues on the system, and while I know they can lie dormant for a while, I am fairly confident this was caught early. I would like to continue with the cleaning process to at least get my system back to a state where I can safely move data off of it in preparation for a re-format.

Here is the combofix log:

ComboFix 10-04-29.01 - Max Steele 04/29/2010 10:23:13.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1509 [GMT -7:00]
Running from: c:\documents and settings\Max Steele\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100421-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db
c:\windows\herjek.config
E:\install.exe

.
((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-29 )))))))))))))))))))))))))))))))
.

2010-04-29 17:20 . 2010-04-29 17:20 183392 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-24 15:35 . 2010-04-24 15:35 -------- d-----w- c:\documents and settings\Max Steele\Application Data\Nero
2010-04-24 15:18 . 2010-04-24 15:26 -------- d-----w- c:\program files\Nero
2010-04-24 15:17 . 2010-04-24 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-04-24 15:17 . 2010-04-24 15:33 -------- d-----w- c:\program files\Common Files\Nero
2010-04-19 14:52 . 2010-04-20 16:36 -------- d-----w- C:\SAHFF
2010-04-19 06:38 . 2010-04-19 06:38 -------- d-----w- c:\documents and settings\Max Steele\Application Data\ManyCam
2010-04-17 19:12 . 2010-04-17 19:12 -------- d-----w- c:\documents and settings\Max Steele\Application Data\EVEMon
2010-04-16 02:08 . 2010-04-16 02:08 -------- d-----w- C:\ProgramData
2010-04-16 02:06 . 2010-04-16 02:07 -------- d-----w- c:\program files\Dominic Cranes Dreamscape Mystery
2010-04-09 02:56 . 2010-04-09 02:56 -------- d-----w- c:\documents and settings\Max Steele\Application Data\Nevosoft
2010-04-09 02:49 . 2010-04-09 02:50 -------- d-----w- c:\program files\Vampireville
2010-04-09 02:21 . 2010-04-09 02:21 31232 ----a-w- c:\documents and settings\Max Steele\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-60a5b43c-2.3.0--n\jinput-dx8.dll
2010-04-09 02:21 . 2010-04-09 02:21 29696 ----a-w- c:\documents and settings\Max Steele\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-60a5b43c-2.3.0--n\jinput-raw.dll
2010-04-09 02:21 . 2010-04-09 02:21 237568 ----a-w- c:\documents and settings\Max Steele\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-60a5b43c-2.3.0--n\lwjgl.dll
2010-04-09 02:21 . 2010-04-09 02:21 108032 ----a-w- c:\documents and settings\Max Steele\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-60a5b43c-2.3.0--n\OpenAL32.dll
2010-04-07 21:33 . 2010-04-07 21:33 -------- d-----w- c:\documents and settings\Max Steele\Application Data\QB9
2010-04-07 21:27 . 2010-04-07 21:28 -------- d-----w- c:\program files\Doors of the Mind - Inner Mysteries
2010-04-07 02:39 . 2010-04-07 02:39 -------- d-----w- c:\documents and settings\Max Steele\Application Data\Artogon
2010-04-05 02:11 . 2010-04-05 02:14 -------- d-----w- c:\documents and settings\Max Steele\Application Data\DarkParablesBriarRoseSE_BFG
2010-04-05 01:22 . 2010-04-05 01:23 -------- d-----w- c:\program files\Dark Parables - Curse of Briar Rose
2010-04-05 01:15 . 2010-04-05 01:15 3085800 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2010-03-31 17:43 . 2010-03-31 17:43 -------- d-----w- c:\program files\Alexey V.Voronin
2010-03-31 17:28 . 2010-03-31 17:30 -------- d-----w- c:\program files\SMART Monitor

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 07:21 . 2010-04-20 06:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-21 07:10 . 2010-04-21 07:08 -------- d-----w- c:\program files\Windows Live Safety Center
2010-04-21 04:25 . 2010-04-21 04:25 -------- d-----w- c:\program files\ESET
2010-04-21 04:19 . 2010-02-21 00:15 -------- d-----w- c:\program files\HTC
2010-04-21 04:18 . 2010-02-21 00:17 -------- d-----w- c:\documents and settings\Max Steele\Application Data\Teleca
2010-04-21 04:12 . 2010-04-20 16:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-21 04:05 . 2009-08-01 00:05 -------- d-----w- c:\program files\Google
2010-04-20 16:32 . 2010-04-20 16:32 -------- d-----w- c:\documents and settings\Max Steele\Application Data\SUPERAntiSpyware.com
2010-04-20 16:32 . 2009-09-27 06:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-20 06:32 . 2010-04-20 06:30 -------- d-----w- c:\documents and settings\Max Steele\Application Data\QuickScan
2010-04-20 06:10 . 2010-04-20 06:10 -------- d-----w- c:\documents and settings\Max Steele\Application Data\Malwarebytes
2010-04-20 06:10 . 2010-04-20 06:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-19 06:56 . 2009-07-31 22:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-16 03:03 . 2009-08-12 01:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-15 06:59 . 2009-11-21 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-04-05 01:16 . 2009-08-12 01:31 -------- d-----w- c:\program files\bfgclient
2010-04-05 01:15 . 2009-08-12 01:31 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2010-04-04 02:07 . 2009-08-06 19:39 -------- d-----w- c:\program files\Palm
2010-03-30 07:46 . 2010-04-21 07:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 07:45 . 2010-04-21 07:21 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 16:49 . 2009-12-10 05:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-22 05:38 . 2010-03-22 05:38 30720 ----a-w- c:\documents and settings\Max Steele\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-4eb23d79-2.2.1--n\jinput-dx8.dll
2010-03-22 05:38 . 2010-03-22 05:38 29184 ----a-w- c:\documents and settings\Max Steele\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-4eb23d79-2.2.1--n\jinput-raw.dll
2010-03-22 05:38 . 2010-03-22 05:38 163328 ----a-w- c:\documents and settings\Max Steele\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-4eb23d79-2.2.1--n\lwjgl.dll
2010-03-22 05:38 . 2010-03-22 05:38 108032 ----a-w- c:\documents and settings\Max Steele\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-4eb23d79-2.2.1--n\OpenAL32.dll
2010-03-20 20:21 . 2010-03-20 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\MySQL
2010-03-20 20:21 . 2010-03-20 20:19 -------- d-----w- c:\program files\MySQL
2010-03-20 20:20 . 2010-03-20 20:20 -------- d-----w- c:\program files\IIS
2010-03-20 02:43 . 2010-03-20 02:43 -------- d-----w- c:\program files\Microsoft
2010-03-19 15:35 . 2010-03-03 20:17 -------- d-----w- c:\documents and settings\Max Steele\Application Data\Skype
2010-03-17 22:17 . 2010-03-17 22:17 79488 ----a-w- c:\documents and settings\Max Steele\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-15 05:25 . 2009-09-27 06:11 -------- d-----w- c:\documents and settings\Max Steele\Application Data\Wargaming.Net
2010-03-15 05:22 . 2010-03-04 00:22 -------- d-----w- c:\documents and settings\Max Steele\Application Data\Darkfall US
2010-03-14 00:12 . 2010-03-14 00:12 -------- d-----w- c:\program files\Common Files\DirectX
2010-03-13 23:55 . 2010-03-13 23:55 -------- d-----w- c:\program files\OpenAL
2010-03-13 23:54 . 2009-09-27 06:06 -------- d-----w- c:\program files\AGEIA Technologies
2010-03-13 23:54 . 2010-03-13 23:54 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-12 16:56 . 2010-03-12 16:55 -------- d-----w- c:\documents and settings\Max Steele\Application Data\.minecraft
2010-03-11 03:46 . 2010-03-11 03:46 -------- d-----w- c:\program files\CoffeeCup Software
2010-03-10 06:15 . 2004-08-03 22:56 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 02:01 . 2010-03-06 02:01 -------- d-----w- c:\documents and settings\Max Steele\Application Data\Silverback Productions
2010-03-06 02:00 . 2010-03-06 02:00 4096 ----a-w- c:\windows\d3dx.dat
2010-03-06 00:03 . 2010-03-03 20:18 -------- d-----w- c:\documents and settings\Max Steele\Application Data\skypePM
2010-03-04 00:44 . 2010-03-04 00:44 -------- d-----w- c:\documents and settings\Max Steele\Application Data\Darkfall
2010-03-03 23:42 . 2009-08-16 01:20 -------- d-----w- c:\documents and settings\Max Steele\Application Data\uTorrent
2010-03-03 20:18 . 2010-03-03 20:18 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-03-03 20:17 . 2010-03-03 20:16 -------- d-----r- c:\program files\Skype
2010-03-03 20:16 . 2010-03-03 20:16 -------- d-----w- c:\program files\Common Files\Skype
2010-03-03 20:16 . 2010-03-03 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-02-25 06:24 . 2004-08-03 22:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-03 21:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 16:10 . 2004-08-03 21:20 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-03 22:56 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-03 21:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-06 20:26 . 2010-02-06 20:26 626688 ----a-w- c:\documents and settings\Max Steele\Application Data\Adobe\Shockwave Player 11\xtras\download\metaioGmbH\UnifeyeViewer\msvcr80.dll
2010-02-06 20:26 . 2010-02-06 20:26 548864 ----a-w- c:\documents and settings\Max Steele\Application Data\Adobe\Shockwave Player 11\xtras\download\metaioGmbH\UnifeyeViewer\msvcp80.dll
2010-02-06 20:26 . 2010-02-06 20:26 598016 ----a-w- c:\documents and settings\Max Steele\Application Data\Adobe\Shockwave Player 11\xtras\download\metaioGmbH\UnifeyeViewer\highgui100.dll
2010-02-06 20:26 . 2010-02-06 20:26 933888 ----a-w- c:\documents and settings\Max Steele\Application Data\Adobe\Shockwave Player 11\xtras\download\metaioGmbH\UnifeyeViewer\cxcore100.dll
2010-02-06 20:26 . 2010-02-06 20:26 724992 ----a-w- c:\documents and settings\Max Steele\Application Data\Adobe\Shockwave Player 11\xtras\download\metaioGmbH\UnifeyeViewer\cv100.dll
2010-02-06 20:26 . 2010-02-06 20:26 24064 ----a-w- c:\documents and settings\Max Steele\Application Data\Adobe\Shockwave Player 11\xtras\download\metaioGmbH\UnifeyeViewer\ESMlib.dll
2010-02-04 18:01 . 2010-02-06 21:14 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 18:01 . 2010-02-06 21:14 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 18:01 . 2010-02-06 21:14 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 18:01 . 2010-02-06 21:14 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-02-03 21:19 . 2010-02-03 21:19 143312 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\vampireville_s1_l1_gF5524T1L1_d852868111.exe
2010-02-03 21:19 . 2010-02-03 21:19 143312 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\mystery-crystal-portal-beyond-horizon_s1_l1_gF5592T1L1_d850666760.exe
2010-02-03 21:19 . 2010-02-03 21:19 143312 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\doors-of-the-mind-inner-mysteries_s1_l1_gF5560T1L1_d851574485.exe
2010-02-03 21:19 . 2010-02-03 21:19 143312 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\dominic-cranes-dreamscape-mystery_s1_l1_gF5610T1L1_d860323608.exe
2010-02-03 21:19 . 2010-02-03 21:19 143312 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\dark-parables-curse-of-the-briar-rose_s1_l1_gF5544T1L1_d848366509.exe
2010-02-03 21:19 . 2010-02-03 21:19 3028800 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\clientinstaller\bfgsetup_s1_l1.exe
2010-02-02 03:17 . 2010-02-02 03:17 50354 ----a-w- c:\documents and settings\Max Steele\Application Data\Facebook\uninstall.exe
2009-09-11 22:00 . 2009-09-11 22:00 44360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-09-11 22:00 . 2009-09-11 22:00 107928 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2002-08-01 03:55 . 2010-03-11 03:47 108 --sh--w- c:\windows\WSYS049.SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Max Steele\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-18 133104]
"Steam"="e:\steam\Steam.exe" [2010-02-24 1217872]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-01-07 2935480]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-01-24 611712]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"CTHelper"="CTHELPER.EXE" [2009-06-23 19456]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-20 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
CoreCenter.lnk - c:\program files\MSI\Core Center\CoreCenter.exe [2009-7-31 932864]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"e:\\eve\\bin\\ExeFile.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"e:\\steam\\Steam.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"e:\\mule\\data\\lib\\jre\\bin\\java.exe"=
"e:\\steam\\steamapps\\common\\torchlight\\Torchlight.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"57859:TCP"= 57859:TCP:Pando Media Booster
"57859:UDP"= 57859:UDP:Pando Media Booster
"58001:TCP"= 58001:TCP:Pando Media Booster
"58001:UDP"= 58001:UDP:Pando Media Booster

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7/31/2009 12:52 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/31/2009 12:52 PM 20560]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [6/23/2009 1:34 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 1:34 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 1:34 PM 566296]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2010 7:58 PM 135664]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [6/23/2009 1:34 PM 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [10/2/2009 2:34 PM 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 1:34 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 1:35 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 1:35 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 1:34 PM 566296]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2/20/2010 5:15 PM 24576]
S3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [1/19/2010 5:49 PM 55184]
S3 PCAlertDriver;PCAlertDriver;c:\program files\MSI\Core Center\NTGLM7X.sys [7/31/2009 10:50 PM 28160]
.
Contents of the 'Scheduled Tasks' folder

2010-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-28 02:58]

2010-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-28 02:58]

2010-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1284227242-725345543-1003Core.job
- c:\documents and settings\Max Steele\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-18 07:17]

2010-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1284227242-725345543-1003UA.job
- c:\documents and settings\Max Steele\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-18 07:17]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
DPF: {03A89EFD-E023-7700-A22D-45F77558EB4C} - hxxps://dhsnetlink.hr.state.or.us/iLinc/download/ilinci77.dll
FF - ProfilePath - c:\documents and settings\Max Steele\Application Data\Mozilla\Firefox\Profiles\aumjcdqw.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Max Steele\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Max Steele\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Max Steele\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Max Steele\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\documents and settings\Max Steele\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe
HKLM-Run-SMART Monitor - c:\program files\SMART Monitor\SMART Monitor.exe
HKLM-Run-S.M.A.R.T. Assistant - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-29 10:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x8A4BA8C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f14b3a
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
NDIS: NVIDIA nForce 10/100/1000 Mbps Ethernet #2 -> SendCompleteHandler -> NDIS.sys @ 0xb9e06bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9df5a0d
SendHandler -> NDIS.sys @ 0xb9e09b40
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-1284227242-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:f2,d8,19,86,fa,ec,fa,16,58,d4,5d,61,20,00,cf,02,67,ea,bd,ce,f5,
33,14,5c,84,25,b6,58,b1,55,24,1e,ef,ce,db,f8,94,11,28,d6,c6,a2,38,99,b3,25,\
"rkeysecu"=hex:a7,5d,c5,e3,bb,0f,2a,82,af,f8,61,4d,3f,b6,1a,82
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2010-04-29 10:37:45
ComboFix-quarantined-files.txt 2010-04-29 17:37

Pre-Run: 9,270,181,888 bytes free
Post-Run: 9,322,979,328 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 069FC3F7D8B929FD06586038CDE8C09F


#6 myrti (Malware Study Hall Admin)

Posted 30 April 2010 - 07:58 AM

Hi,

could you please run a new scan with gmer? I assume you are still getting redirected?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 maxsteele (Topic Starter)

Posted 30 April 2010 - 12:04 PM

Hello Myrti,

I had not touched my PC since I had sent you the combofix log. I plugged it in and checked, and yes the redirect is still happening.

Also, I attempted to boot into safe mode, and the system restarted instead of booting into safe mode.

Here is my GMER log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-30 10:00:00
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\MAXSTE~1\LOCALS~1\Temp\pwtdypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAC6B16B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAC6B1574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAC6B1A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAC6B114C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAC6B164E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAC6B108C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAC6B10F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAC6B176E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAC6B172E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAC6B18AE]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xB9F21780]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8EF3000, 0x1C5D38, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\atapi \Device\Ide\IdePort0 [B9F14B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort1 [B9F14B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B9F14B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B9F14B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
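
A note on what the GMER log above shows. Every atapi device object's dispatch routine points at the same address, B9F14B3A, and the stub there (MOV EAX, [0xffdf0308]; JMP [EAX+0xac]) loads a pointer stored in the KUSER_SHARED_DATA page (0xffdf0000 is its kernel-mode address on 32-bit Windows) and jumps through it. The same address appears as the \Driver\atapi hook in the 29 April catchme output in the ComboFix log, so the hook was already present then. Combined with "entry point in '.rsrc' section" for atapi.sys, this is the pattern of a TDL3 (Alureon) infected system driver, which agrees with the avast detection name reported later in the thread. The writeable .text finding for ati2mtag.sys is a different matter: GMER reports that for many vendor drivers and it is weak evidence on its own.

The script below is an added example and is not code from GMER, ComboFix or the posters. It parses a driver's PE headers with only the Python standard library and reproduces the two "Kernel code sections" heuristics: an entry point that lies in a section without the CODE flag, and a code section that is also marked writeable. The three sample images are constructed in memory for demonstration and are not real drivers; the flag constants are the standard PE/COFF section characteristic values.

```python
"""Static PE checks that reproduce the two GMER "Kernel code sections" heuristics.

Added example for the thread above, not code from GMER, ComboFix or the forum
posters. It reads the PE headers of a driver image and reports:
  * an entry point that lies in a section without the CODE flag (for example
    inside .rsrc, the finding GMER reported for atapi.sys)
  * a code section that is also marked writeable (the ati2mtag.sys finding)
The images at the bottom are constructed in memory; they are not real drivers.
"""
import struct
import sys

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_pe(image):
    """Return (entry_point_rva, [(name, rva, size, characteristics), ...])."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (0x10B, 0x20B):          # PE32 / PE32+
        raise ValueError("unexpected optional header magic 0x%x" % magic)
    entry = struct.unpack_from("<I", image, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    off = opt + opt_size                     # first IMAGE_SECTION_HEADER
    for _ in range(num_sections):
        (name, vsize, rva, rawsize, _rawptr, _relptr, _lnptr,
         _nrel, _nln, chars) = struct.unpack_from("<8sIIIIIIHHI", image, off)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"),
                         rva, max(vsize, rawsize), chars))
        off += 40
    return entry, sections


def check_image(image):
    """Return a list of human-readable findings; an empty list means nothing flagged."""
    entry, sections = parse_pe(image)
    findings = []
    owner = None
    for name, rva, size, chars in sections:
        if rva <= entry < rva + size:
            owner = (name, chars)
        if chars & IMAGE_SCN_CNT_CODE and chars & IMAGE_SCN_MEM_WRITE:
            # GMER's ".text ... section is writeable"; common on vendor
            # drivers, so it is weak evidence on its own.
            findings.append("code section %s is writeable" % name)
    if owner is None:
        findings.append("entry point 0x%x is outside every section" % entry)
    elif not owner[1] & IMAGE_SCN_CNT_CODE:
        # GMER's "entry point in '.rsrc' section": the TDL3/Alureon infection
        # of atapi.sys places its loader in .rsrc and points the entry there.
        findings.append("entry point 0x%x is in non-code section %s"
                        % (entry, owner[0]))
    return findings


def check_file(path):
    with open(path, "rb") as fh:
        return check_image(fh.read())


def build_pe(entry_rva, sections):
    """Construct a header-only PE32 image for demonstration (not a real driver)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)              # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)              # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)         # AddressOfEntryPoint
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), s, r, s, 0, 0, 0, 0, 0, c)
                    for n, r, s, c in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs


# Constructed sample layouts: a typical driver, the same driver with its entry
# point moved into .rsrc, and one whose .text section is writeable.
LAYOUT = [(".text", 0x1000, 0x4000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
          (".data", 0x5000, 0x1000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
          (".rsrc", 0x6000, 0x0800, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ)]
CLEAN_PE = build_pe(0x1020, LAYOUT)
RSRC_ENTRY_PE = build_pe(0x6400, LAYOUT)
WRITABLE_TEXT_PE = build_pe(0x1020, [(LAYOUT[0][0], LAYOUT[0][1], LAYOUT[0][2],
                                      LAYOUT[0][3] | IMAGE_SCN_MEM_WRITE)] + LAYOUT[1:])

if __name__ == "__main__":
    for path in sys.argv[1:]:                # e.g. C:\WINDOWS\system32\drivers\atapi.sys
        print(path, check_file(path) or ["no findings"])
```

Run it against a copied driver file (for example one taken from the disk offline, as maxlook does via the Recovery Console later in this thread). A header check like this says nothing about patched code bytes inside .text, so on a live machine also compare the file's hash against the copy in dllcache or ServicePackFiles, which is what the clean-file replacement later in the thread relies on.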


#8 myrti (Malware Study Hall Admin)

Posted 05 May 2010 - 06:27 AM

Hi,

Next, please download maxlook, saving the file to your desktop.
Double click maxlook.exe to run it. Note - you must run it only once!
As instructed when the tool runs, restart the computer and logon to the Recovery Console.
Execute the following command at the x:\windows> prompt (the x represents your operating system drive letter, usually C):

    batch look.bat

You will see 1 file copied many times then return to the x:\windows> prompt.
Type Exit to restart your computer then logon in normal mode.

Once logged in:
  • click on Start
  • select Run...
  • enter "%userprofile%\Desktop\maxlook.exe" -sig and hit Enter
  • a blue window will open. Please make sure that you are connected to the internet while the blue window is open.
  • Once it is finished a log file will open. Please save that log and post the content in your next reply.
If you do not have the run-command in your Start menu:
Please right click on your taskbar, select Properties, select the Start Menu tab, click on Customize and tick the Display Run checkbox and click OK.


regards myrti



#9 maxsteele (Topic Starter)

Posted 05 May 2010 - 10:07 AM

Hi Myrti,

Thank you for your continued assistance. When I rebooted my system and Windows came back up, Avast said:

"Sign of "Win32:Alureon-FQ" has been found in "C:\windows\maxdriver\atapi.sys" file."

Here is my maxlook log:

Run from C:\Documents and Settings\Max Steele\Desktop\maxlook.exe on Wed 05/05/2010 at  7:57:09.23

--------- maxlook unsigned files ---------

c:\windows\maxdriver\atapi.sys:
    Verified:    Error accessing file
    Publisher:    n/a
    Description:    n/a
    Product:    n/a
    Version:    n/a
    File version:    n/a
c:\windows\maxdriver\atnt40k.sys:
    Verified:    Unsigned
    File date:    4:09 PM 10/14/2005
    Publisher:    n/a
    Description:    n/a
    Product:    n/a
    Version:    n/a
    File version:    n/a
c:\windows\maxdriver\BANTExt.sys:
    Verified:    Unsigned
    File date:    11:51 AM 3/6/2008
    Publisher:    n/a
    Description:    n/a
    Product:    n/a
    Version:    n/a
    File version:    n/a

--------- system32\drivers unsigned files ---------

c:\windows\system32\drivers\atnt40k.sys:
    Verified:    Unsigned
    File date:    4:09 PM 10/14/2005
    Publisher:    n/a
    Description:    n/a
    Product:    n/a
    Version:    n/a
    File version:    n/a
c:\windows\system32\drivers\BANTExt.sys:
    Verified:    Unsigned
    File date:    11:51 AM 3/6/2008
    Publisher:    n/a
    Description:    n/a
    Product:    n/a
    Version:    n/a
    File version:    n/a



#10 myrti (Malware Study Hall Admin)

Posted 05 May 2010 - 10:18 AM

Hi,

yes that was what I was trying to confirm. Your atapi.sys is infected. Did avast quarantine the file?

Please run the following script:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

    TDL::
    C:\windows\system32\drivers\atapi.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards myrti



#11 maxsteele (Topic Starter)

Posted 05 May 2010 - 10:51 AM

Hi Myrti,

Thank you for the quick response! I had Avast take no action when it detected the infection on atapi.sys. I did not want to interfere with any cleaning you are attempting.

Here is the new combofix.txt file:

ComboFix 10-04-29.01 - Max Steele 05/05/2010 8:33.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1546 [GMT -7:00]
Running from: c:\documents and settings\Max Steele\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Max Steele\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100505-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\look.bat

.
((((((((((((((((((((((((( Files Created from 2010-04-05 to 2010-05-05 )))))))))))))))))))))))))))))))
.

2010-05-05 14:57 . 2010-02-27 00:26 220024 ----a-w- c:\windows\sigcheck.exe
2010-05-05 14:47 . 2010-05-05 07:52 -------- d-----w- c:\windows\maxdriver
2010-05-04 17:18 . 1995-07-11 16:50 21872 ----a-w- c:\windows\system32\MSACM.DRV
2010-05-04 17:18 . 1995-01-30 07:00 92208 ----a-w- c:\windows\system\WING.DLL
2010-05-04 17:18 . 1994-12-06 07:00 12800 ----a-w- c:\windows\system32\WING32.DLL
2010-05-03 21:59 . 1995-01-30 07:00 92208 ----a-w- c:\windows\system32\WING.DLL
2010-05-03 21:59 . 1995-01-30 07:00 6736 ----a-w- c:\windows\system32\WINGDIB.DRV
2010-05-03 21:59 . 1995-01-30 07:00 188960 ----a-w- c:\windows\system32\WINGDE.DLL
2010-05-03 21:59 . 1994-12-06 07:00 12800 ----a-w- c:\windows\system\WING32.DLL
2010-05-03 21:59 . 1993-06-25 21:47 20272 ----a-w- c:\windows\system32\CTL3D.DLL
2010-05-03 21:57 . 1996-01-09 17:38 283648 ----a-w- c:\windows\uninst.exe
2010-05-03 21:57 . 2010-05-03 21:57 -------- d-----w- c:\documents and settings\Max Steele\WINDOWS
2010-04-29 17:20 . 2010-04-29 17:20 183392 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-24 15:35 . 2010-04-24 15:35 -------- d-----w- c:\documents and settings\Max Steele\Application Data\Nero
2010-04-24 15:18 . 2010-04-24 15:26 -------- d-----w- c:\program files\Nero
2010-04-24 15:17 . 2010-04-24 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-04-24 15:17 . 2010-04-24 15:33 -------- d-----w- c:\program files\Common Files\Nero
2010-04-19 14:52 . 2010-04-20 16:36 -------- d-----w- C:\SAHFF
2010-04-19 06:38 . 2010-04-19 06:38 -------- d-----w- c:\documents and settings\Max Steele\Application Data\ManyCam
2010-04-17 19:12 . 2010-04-17 19:12 -------- d-----w- c:\documents and settings\Max Steele\Application Data\EVEMon
2010-04-16 02:08 . 2010-04-16 02:08 -------- d-----w- C:\ProgramData
2010-04-16 02:06 . 2010-04-16 02:07 -------- d-----w- c:\program files\Dominic Cranes Dreamscape Mystery
2010-04-09 02:56 . 2010-04-09 02:56 -------- d-----w- c:\documents and settings\Max Steele\Application Data\Nevosoft
2010-04-09 02:49 . 2010-04-09 02:50 -------- d-----w- c:\program files\Vampireville
2010-04-09 02:21 . 2010-04-09 02:21 31232 ----a-w- c:\documents and settings\Max Steele\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-60a5b43c-2.3.0--n\jinput-dx8.dll
2010-04-09 02:21 . 2010-04-09 02:21 29696 ----a-w- c:\documents and settings\Max Steele\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-60a5b43c-2.3.0--n\jinput-raw.dll
2010-04-09 02:21 . 2010-04-09 02:21 237568 ----a-w- c:\documents and settings\Max Steele\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-60a5b43c-2.3.0--n\lwjgl.dll
2010-04-09 02:21 . 2010-04-09 02:21 108032 ----a-w- c:\documents and settings\Max Steele\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-60a5b43c-2.3.0--n\OpenAL32.dll
2010-04-07 21:33 . 2010-04-07 21:33 -------- d-----w- c:\documents and settings\Max Steele\Application Data\QB9
2010-04-07 21:27 . 2010-04-07 21:28 -------- d-----w- c:\program files\Doors of the Mind - Inner Mysteries
2010-04-07 02:39 . 2010-04-07 02:39 -------- d-----w- c:\documents and settings\Max Steele\Application Data\Artogon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-03 21:58 . 2010-05-03 21:58 -------- d-----w- c:\program files\DK Multimedia
2010-04-21 07:21 . 2010-04-20 06:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-21 07:10 . 2010-04-21 07:08 -------- d-----w- c:\program files\Windows Live Safety Center
2010-04-21 04:25 . 2010-04-21 04:25 -------- d-----w- c:\program files\ESET
2010-04-21 04:19 . 2010-02-21 00:15 -------- d-----w- c:\program files\HTC
2010-04-21 04:18 . 2010-02-21 00:17 -------- d-----w- c:\documents and settings\Max Steele\Application Data\Teleca
2010-04-21 04:12 . 2010-04-20 16:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-21 04:05 . 2009-08-01 00:05 -------- d-----w- c:\program files\Google
2010-04-20 16:32 . 2010-04-20 16:32 -------- d-----w- c:\documents and settings\Max Steele\Application Data\SUPERAntiSpyware.com
2010-04-20 16:32 . 2009-09-27 06:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-20 06:32 . 2010-04-20 06:30 -------- d-----w- c:\documents and settings\Max Steele\Application Data\QuickScan
2010-04-20 06:10 . 2010-04-20 06:10 -------- d-----w- c:\documents and settings\Max Steele\Application Data\Malwarebytes
2010-04-20 06:10 . 2010-04-20 06:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-19 06:56 . 2009-07-31 22:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-16 03:03 . 2009-08-12 01:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-15 06:59 . 2009-11-21 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-04-05 02:14 . 2010-04-05 02:11 -------- d-----w- c:\documents and settings\Max Steele\Application Data\DarkParablesBriarRoseSE_BFG
2010-04-05 01:23 . 2010-04-05 01:22 -------- d-----w- c:\program files\Dark Parables - Curse of Briar Rose
2010-04-05 01:16 . 2009-08-12 01:31 -------- d-----w- c:\program files\bfgclient
2010-04-05 01:15 . 2010-04-05 01:15 3085800 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2010-04-05 01:15 . 2009-08-12 01:31 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2010-04-04 02:07 . 2009-08-06 19:39 -------- d-----w- c:\program files\Palm
2010-03-31 17:43 . 2010-03-31 17:43 -------- d-----w- c:\program files\Alexey V.Voronin
2010-03-31 17:30 . 2010-03-31 17:28 -------- d-----w- c:\program files\SMART Monitor
2010-03-30 07:46 . 2010-04-21 07:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 07:45 . 2010-04-21 07:21 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 16:49 . 2009-12-10 05:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-22 05:38 . 2010-03-22 05:38 30720 ----a-w- c:\documents and settings\Max Steele\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-4eb23d79-2.2.1--n\jinput-dx8.dll
2010-03-22 05:38 . 2010-03-22 05:38 29184 ----a-w- c:\documents and settings\Max Steele\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-4eb23d79-2.2.1--n\jinput-raw.dll
2010-03-22 05:38 . 2010-03-22 05:38 163328 ----a-w- c:\documents and settings\Max Steele\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-4eb23d79-2.2.1--n\lwjgl.dll
2010-03-22 05:38 . 2010-03-22 05:38 108032 ----a-w- c:\documents and settings\Max Steele\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-4eb23d79-2.2.1--n\OpenAL32.dll
2010-03-20 20:21 . 2010-03-20 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\MySQL
2010-03-20 20:21 . 2010-03-20 20:19 -------- d-----w- c:\program files\MySQL
2010-03-20 20:20 . 2010-03-20 20:20 -------- d-----w- c:\program files\IIS
2010-03-20 02:43 . 2010-03-20 02:43 -------- d-----w- c:\program files\Microsoft
2010-03-19 15:35 . 2010-03-03 20:17 -------- d-----w- c:\documents and settings\Max Steele\Application Data\Skype
2010-03-17 22:17 . 2010-03-17 22:17 79488 ----a-w- c:\documents and settings\Max Steele\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-15 05:25 . 2009-09-27 06:11 -------- d-----w- c:\documents and settings\Max Steele\Application Data\Wargaming.Net
2010-03-15 05:22 . 2010-03-04 00:22 -------- d-----w- c:\documents and settings\Max Steele\Application Data\Darkfall US
2010-03-14 00:12 . 2010-03-14 00:12 -------- d-----w- c:\program files\Common Files\DirectX
2010-03-13 23:55 . 2010-03-13 23:55 -------- d-----w- c:\program files\OpenAL
2010-03-13 23:54 . 2009-09-27 06:06 -------- d-----w- c:\program files\AGEIA Technologies
2010-03-13 23:54 . 2010-03-13 23:54 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-12 16:56 . 2010-03-12 16:55 -------- d-----w- c:\documents and settings\Max Steele\Application Data\.minecraft
2010-03-11 03:46 . 2010-03-11 03:46 -------- d-----w- c:\program files\CoffeeCup Software
2010-03-10 06:15 . 2004-08-03 22:56 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 02:00 . 2010-03-06 02:00 4096 ----a-w- c:\windows\d3dx.dat
2010-03-03 20:18 . 2010-03-03 20:18 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-25 06:24 . 2004-08-03 22:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-03 21:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 16:10 . 2004-08-03 21:20 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-03 22:56 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-03 21:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-06 20:26 . 2010-02-06 20:26 626688 ----a-w- c:\documents and settings\Max Steele\Application Data\Adobe\Shockwave Player 11\xtras\download\metaioGmbH\UnifeyeViewer\msvcr80.dll
2010-02-06 20:26 . 2010-02-06 20:26 548864 ----a-w- c:\documents and settings\Max Steele\Application Data\Adobe\Shockwave Player 11\xtras\download\metaioGmbH\UnifeyeViewer\msvcp80.dll
2010-02-06 20:26 . 2010-02-06 20:26 598016 ----a-w- c:\documents and settings\Max Steele\Application Data\Adobe\Shockwave Player 11\xtras\download\metaioGmbH\UnifeyeViewer\highgui100.dll
2010-02-06 20:26 . 2010-02-06 20:26 933888 ----a-w- c:\documents and settings\Max Steele\Application Data\Adobe\Shockwave Player 11\xtras\download\metaioGmbH\UnifeyeViewer\cxcore100.dll
2010-02-06 20:26 . 2010-02-06 20:26 724992 ----a-w- c:\documents and settings\Max Steele\Application Data\Adobe\Shockwave Player 11\xtras\download\metaioGmbH\UnifeyeViewer\cv100.dll
2010-02-06 20:26 . 2010-02-06 20:26 24064 ----a-w- c:\documents and settings\Max Steele\Application Data\Adobe\Shockwave Player 11\xtras\download\metaioGmbH\UnifeyeViewer\ESMlib.dll
2010-02-04 18:01 . 2010-02-06 21:14 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 18:01 . 2010-02-06 21:14 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 18:01 . 2010-02-06 21:14 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 18:01 . 2010-02-06 21:14 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2009-09-11 22:00 . 2009-09-11 22:00 44360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-09-11 22:00 . 2009-09-11 22:00 107928 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2002-08-01 03:55 . 2010-03-11 03:47 108 --sh--w- c:\windows\WSYS049.SYS
.

((((((((((((((((((((((((((((( SnapShot@2010-04-29_17.33.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-03 21:58 . 1996-08-27 09:12 61568 c:\windows\VIEWER.EXE
+ 2010-05-03 21:58 . 1996-08-27 09:12 17536 c:\windows\VIEWENU.DLL
+ 2010-05-05 15:32 . 2010-05-05 15:32 16384 c:\windows\Temp\Perflib_Perfdata_534.dat
+ 2010-05-05 15:32 . 2010-05-05 15:32 16384 c:\windows\Temp\Perflib_Perfdata_348.dat
+ 2010-05-03 21:58 . 1996-08-27 09:12 73712 c:\windows\system\QTOLE.DLL
+ 2010-05-03 21:58 . 1996-08-27 09:12 14544 c:\windows\system\QTIMCMGR.DLL
+ 2010-05-03 21:58 . 1996-08-27 09:12 43504 c:\windows\system\MCIQTW.DRV
+ 2010-05-03 21:58 . 1996-08-27 09:12 93504 c:\windows\QTW16DEL.EXE
+ 2010-05-03 21:58 . 1996-08-27 09:12 74496 c:\windows\PLAYER.EXE
+ 2010-05-03 21:58 . 1996-08-27 09:12 16928 c:\windows\PLAYENU.DLL
+ 2006-09-29 02:00 . 2006-09-29 02:00 82944 c:\windows\maxdriver\WudfRd.sys
+ 2006-09-29 01:55 . 2006-09-29 01:55 77568 c:\windows\maxdriver\WudfPf.sys
+ 2010-02-06 20:16 . 2008-04-13 19:46 19200 c:\windows\maxdriver\WSTCODEC.SYS
+ 2001-08-23 11:00 . 2001-08-23 11:00 12032 c:\windows\maxdriver\ws2ifsl.sys
+ 2006-10-19 03:00 . 2006-10-19 03:00 38528 c:\windows\maxdriver\wpdusb.sys
+ 2009-07-31 21:28 . 2008-04-13 19:17 83072 c:\windows\maxdriver\wdmaud.sys
+ 2008-01-19 18:45 . 2008-01-19 18:45 35176 c:\windows\maxdriver\wdfldr.sys
+ 2009-07-31 20:32 . 2004-08-04 05:29 25471 c:\windows\maxdriver\watv10nt.sys
+ 2009-07-31 20:32 . 2004-08-04 05:29 22271 c:\windows\maxdriver\watv06nt.sys
+ 2004-08-03 21:04 . 2008-04-13 18:57 34560 c:\windows\maxdriver\wanarp.sys
+ 2009-07-31 20:32 . 2004-08-04 05:29 11935 c:\windows\maxdriver\wadv11nt.sys
+ 2009-07-31 20:32 . 2004-08-04 05:29 11871 c:\windows\maxdriver\wadv09nt.sys
+ 2009-07-31 20:32 . 2004-08-04 05:29 11295 c:\windows\maxdriver\wadv08nt.sys
+ 2009-07-31 20:32 . 2004-08-04 05:29 11807 c:\windows\maxdriver\wadv07nt.sys
+ 2008-04-13 18:43 . 2008-04-13 18:43 14208 c:\windows\maxdriver\wacompen.sys
+ 2004-08-03 21:00 . 2008-04-13 18:41 52352 c:\windows\maxdriver\volsnap.sys
+ 2004-08-03 21:07 . 2008-04-13 18:44 81664 c:\windows\maxdriver\videoprt.sys
+ 2008-04-13 18:36 . 2008-04-13 18:36 42240 c:\windows\maxdriver\viaagp.sys
+ 2004-08-03 21:07 . 2008-04-13 18:44 20992 c:\windows\maxdriver\vga.sys
+ 2001-08-17 14:02 . 2001-08-23 11:00 58112 c:\windows\maxdriver\vdmindvd.sys
+ 2009-07-31 18:08 . 2008-04-13 18:45 26368 c:\windows\maxdriver\usbstor.sys
+ 2009-08-04 15:57 . 2008-04-13 18:45 15104 c:\windows\maxdriver\usbscan.sys
+ 2009-08-02 04:23 . 2008-04-13 18:47 25856 c:\windows\maxdriver\usbprint.sys
+ 2004-08-03 21:08 . 2008-04-13 18:45 17152 c:\windows\maxdriver\usbohci.sys
+ 2004-08-03 23:08 . 2008-04-13 18:45 15872 c:\windows\maxdriver\usbintel.sys
+ 2004-08-03 21:08 . 2008-04-13 18:45 59520 c:\windows\maxdriver\usbhub.sys
+ 2004-08-03 21:08 . 2008-04-13 18:45 30208 c:\windows\maxdriver\usbehci.sys
+ 2009-08-02 04:23 . 2008-04-13 18:45 32128 c:\windows\maxdriver\usbccgp.sys
+ 2001-08-17 14:03 . 2008-04-13 18:45 25728 c:\windows\maxdriver\usbcamd2.sys
+ 2001-08-17 14:03 . 2008-04-13 18:45 25600 c:\windows\maxdriver\usbcamd.sys
+ 2010-02-06 20:15 . 2008-04-13 19:45 60032 c:\windows\maxdriver\USBAUDIO.sys
+ 2008-04-13 18:56 . 2008-04-13 18:56 12800 c:\windows\maxdriver\usb8023x.sys
+ 2004-08-03 21:04 . 2008-04-13 18:56 12800 c:\windows\maxdriver\usb8023.sys
+ 2004-08-03 21:00 . 2008-04-13 18:32 66048 c:\windows\maxdriver\udfs.sys
+ 2008-04-13 18:36 . 2008-04-13 18:36 44672 c:\windows\maxdriver\uagp35.sys
+ 2004-08-03 23:03 . 2008-04-13 18:56 12288 c:\windows\maxdriver\tunmp.sys
+ 2001-08-17 14:06 . 2001-08-23 11:00 21376 c:\windows\maxdriver\tsbvcap.sys
+ 2001-08-17 14:01 . 2001-08-23 11:00 51712 c:\windows\maxdriver\tosdvd.sys
+ 2009-07-31 17:44 . 2008-04-14 00:13 40840 c:\windows\maxdriver\termdd.sys
+ 2009-07-31 17:44 . 2008-04-14 00:13 21896 c:\windows\maxdriver\tdtcp.sys
+ 2009-07-31 17:44 . 2008-04-14 00:13 12040 c:\windows\maxdriver\tdpipe.sys
+ 2004-08-03 21:07 . 2008-04-13 19:00 19072 c:\windows\maxdriver\tdi.sys
+ 2004-08-03 21:00 . 2008-04-13 18:40 14976 c:\windows\maxdriver\tape.sys
+ 2009-07-31 21:28 . 2008-04-13 19:15 60800 c:\windows\maxdriver\sysaudio.sys
+ 2009-07-31 21:28 . 2008-04-13 18:45 56576 c:\windows\maxdriver\swmidi.sys
+ 2010-02-06 20:16 . 2008-04-13 19:46 15232 c:\windows\maxdriver\StreamIP.sys
+ 2004-08-03 23:08 . 2008-04-13 18:45 49408 c:\windows\maxdriver\stream.sys
+ 2009-07-31 17:46 . 2008-04-13 18:36 73472 c:\windows\maxdriver\sr.sys
+ 2004-08-03 23:09 . 2008-04-13 18:46 25344 c:\windows\maxdriver\sonydcam.sys
+ 2001-08-23 11:00 . 2001-08-23 11:00 14592 c:\windows\maxdriver\smclib.sys
+ 2009-07-31 20:32 . 2004-08-04 05:41 13240 c:\windows\maxdriver\slwdmsup.sys
+ 2009-07-31 20:32 . 2004-08-04 05:41 95424 c:\windows\maxdriver\slnthal.sys
+ 2010-02-06 20:16 . 2008-04-13 19:46 11136 c:\windows\maxdriver\SLIP.sys
+ 2008-04-13 18:36 . 2008-04-13 18:36 40960 c:\windows\maxdriver\sisagp.sys
+ 2004-08-03 20:59 . 2008-04-13 18:40 11392 c:\windows\maxdriver\sfloppy.sys
+ 2004-08-03 20:59 . 2008-04-13 18:40 11008 c:\windows\maxdriver\sffp_sd.sys
+ 2008-04-13 18:40 . 2008-04-13 18:40 10240 c:\windows\maxdriver\sffp_mmc.sys
+ 2004-08-03 20:59 . 2008-04-13 18:40 11904 c:\windows\maxdriver\sffdisk.sys
+ 2004-08-03 21:15 . 2008-04-13 19:15 64512 c:\windows\maxdriver\serial.sys
+ 2004-08-03 20:59 . 2008-04-13 18:40 15744 c:\windows\maxdriver\serenum.sys
+ 2004-07-17 09:36 . 2008-04-13 16:39 20480 c:\windows\maxdriver\secdrv.sys
+ 2004-08-03 21:07 . 2008-04-13 18:36 79232 c:\windows\maxdriver\sdbus.sys
+ 2004-08-03 20:59 . 2008-04-13 18:40 96384 c:\windows\maxdriver\scsiport.sys
+ 2008-04-13 18:56 . 2008-04-13 18:56 30592 c:\windows\maxdriver\rndismpx.sys
+ 2004-08-03 21:04 . 2008-04-13 18:56 30592 c:\windows\maxdriver\rndismp.sys
+ 2001-08-17 13:24 . 2001-08-23 11:00 12032 c:\windows\maxdriver\riodrv.sys
+ 2001-08-17 13:24 . 2001-08-23 11:00 12032 c:\windows\maxdriver\rio8drv.sys
+ 2008-04-13 18:46 . 2008-04-13 18:46 59136 c:\windows\maxdriver\rfcomm.sys
+ 2009-07-31 10:38 . 2008-04-13 18:40 57600 c:\windows\maxdriver\redbook.sys
+ 2009-07-31 20:32 . 2004-08-04 05:41 13776 c:\windows\maxdriver\recagent.sys
+ 2001-08-23 11:00 . 2001-08-23 11:00 34432 c:\windows\maxdriver\rawwan.sys
+ 2001-08-23 11:00 . 2001-08-23 11:00 16512 c:\windows\maxdriver\raspti.sys
+ 2004-08-03 21:14 . 2008-04-13 19:19 48384 c:\windows\maxdriver\raspptp.sys
+ 2004-08-03 21:05 . 2008-04-13 18:57 41472 c:\windows\maxdriver\raspppoe.sys
+ 2004-08-03 21:14 . 2008-04-13 19:19 51328 c:\windows\maxdriver\rasl2tp.sys
+ 2001-08-23 11:00 . 2001-08-23 11:00 17792 c:\windows\maxdriver\ptilink.sys
+ 2004-08-03 21:04 . 2008-04-13 18:56 69120 c:\windows\maxdriver\psched.sys
+ 2004-08-03 22:59 . 2008-04-13 18:31 35840 c:\windows\maxdriver\processr.sys
+ 2009-06-23 20:38 . 2009-06-23 20:38 15896 c:\windows\maxdriver\pfmodnt.sys
+ 2004-08-03 20:59 . 2008-04-13 18:40 24960 c:\windows\maxdriver\pciidex.sys
+ 2004-08-03 21:07 . 2008-04-13 18:36 68224 c:\windows\maxdriver\pci.sys
+ 2001-08-23 11:00 . 2008-04-13 18:40 19712 c:\windows\maxdriver\partmgr.sys
+ 2004-08-03 22:59 . 2008-04-13 18:40 80128 c:\windows\maxdriver\parport.sys
+ 2009-08-06 19:41 . 2007-12-05 00:10 16640 c:\windows\maxdriver\PalmUSBD.sys
+ 2004-08-03 22:59 . 2008-04-13 18:31 42752 c:\windows\maxdriver\p3.sys
+ 2001-08-23 11:00 . 2001-08-23 11:00 55936 c:\windows\maxdriver\nwlnkspx.sys
+ 2001-08-23 11:00 . 2001-08-23 11:00 63232 c:\windows\maxdriver\nwlnknb.sys
+ 2004-08-03 21:03 . 2008-04-13 18:56 88320 c:\windows\maxdriver\nwlnkipx.sys
+ 2001-08-23 11:00 . 2001-08-23 11:00 32512 c:\windows\maxdriver\nwlnkfwd.sys
+ 2001-08-23 11:00 . 2001-08-23 11:00 12416 c:\windows\maxdriver\nwlnkflt.sys
+ 2009-07-31 18:10 . 2008-08-02 01:36 22016 c:\windows\maxdriver\nvnetbus.sys
+ 2009-07-31 18:10 . 2008-08-02 01:36 54784 c:\windows\maxdriver\NVENETFD.sys
+ 2009-07-31 19:46 . 2005-08-19 00:52 93568 c:\windows\maxdriver\nvata.sys
+ 2004-08-03 21:00 . 2008-04-13 18:32 30848 c:\windows\maxdriver\npfs.sys
+ 2004-08-03 20:59 . 2008-04-13 18:53 40320 c:\windows\maxdriver\nmnt.sys
+ 2001-08-17 13:24 . 2001-08-23 11:00 12032 c:\windows\maxdriver\nikedrv.sys
+ 2004-08-03 22:58 . 2008-04-13 18:51 61824 c:\windows\maxdriver\nic1394.sys
+ 2004-08-03 21:03 . 2008-04-13 18:56 34688 c:\windows\maxdriver\netbios.sys
+ 2001-08-23 11:00 . 2008-04-13 18:57 40576 c:\windows\maxdriver\ndproxy.sys
+ 2004-08-03 21:14 . 2008-04-13 19:20 91520 c:\windows\maxdriver\ndiswan.sys
+ 2004-08-03 23:03 . 2008-04-13 18:55 14592 c:\windows\maxdriver\ndisuio.sys
+ 2001-08-23 11:00 . 2008-04-13 18:57 10112 c:\windows\maxdriver\ndistapi.sys
+ 2010-02-06 20:16 . 2008-04-13 19:46 10880 c:\windows\maxdriver\NdisIP.sys
+ 2010-02-06 20:16 . 2008-04-13 19:46 85248 c:\windows\maxdriver\NABTSFEC.sys
+ 2008-04-13 18:43 . 2008-04-13 18:43 12672 c:\windows\maxdriver\mutohpen.sys
+ 2004-08-03 23:07 . 2008-04-13 18:36 15488 c:\windows\maxdriver\mssmbios.sys
+ 2004-08-03 21:04 . 2008-04-13 18:56 35072 c:\windows\maxdriver\msgpc.sys
+ 2004-08-03 21:00 . 2008-04-13 18:32 19072 c:\windows\maxdriver\msfs.sys
+ 2004-08-03 20:58 . 2008-04-13 18:39 92544 c:\windows\maxdriver\mqac.sys
+ 2004-08-03 20:58 . 2008-04-13 18:39 42368 c:\windows\maxdriver\mountmgr.sys
+ 2009-07-31 10:40 . 2001-08-17 13:48 12160 c:\windows\maxdriver\mouhid.sys
+ 2004-08-03 22:58 . 2008-04-13 18:39 23040 c:\windows\maxdriver\mouclass.sys
+ 2004-08-03 23:08 . 2008-04-13 19:00 30080 c:\windows\maxdriver\modem.sys
+ 2004-08-03 23:07 . 2008-04-13 18:36 63744 c:\windows\maxdriver\mf.sys
+ 2009-07-31 20:32 . 2004-08-04 05:41 11868 c:\windows\maxdriver\mdmxsdk.sys
+ 2010-04-21 07:21 . 2010-03-30 07:46 38224 c:\windows\maxdriver\mbamswissarmy.sys
+ 2010-04-21 07:21 . 2010-03-30 07:45 20824 c:\windows\maxdriver\mbam.sys
+ 2010-02-06 20:06 . 2005-05-27 17:31 22016 c:\windows\maxdriver\LVUSBSta.sys
+ 2004-08-03 20:59 . 2009-06-24 11:18 92928 c:\windows\maxdriver\ksecdd.sys
+ 2004-08-03 20:58 . 2008-04-13 18:39 24576 c:\windows\maxdriver\kbdclass.sys
+ 2001-08-23 11:00 . 2008-04-13 18:36 37248 c:\windows\maxdriver\isapnp.sys
+ 2009-07-31 10:36 . 2008-04-13 18:54 11264 c:\windows\maxdriver\irenum.sys
+ 2008-04-13 18:45 . 2008-04-13 18:45 46592 c:\windows\maxdriver\irbus.sys
+ 2004-08-03 21:14 . 2008-04-13 19:19 75264 c:\windows\maxdriver\ipsec.sys
+ 2004-08-03 21:04 . 2008-04-13 18:57 20864 c:\windows\maxdriver\ipinip.sys
+ 2001-08-23 11:00 . 2001-08-23 11:00 32896 c:\windows\maxdriver\ipfltdrv.sys
+ 2004-08-03 21:00 . 2008-04-13 18:53 36608 c:\windows\maxdriver\ip6fw.sys
+ 2004-08-03 20:59 . 2008-04-13 18:31 36352 c:\windows\maxdriver\intelppm.sys
+ 2004-08-03 21:00 . 2008-04-13 18:40 42112 c:\windows\maxdriver\imapi.sys
+ 2004-08-03 21:14 . 2008-04-13 19:18 52480 c:\windows\maxdriver\i8042prt.sys
+ 2009-07-31 10:40 . 2008-04-13 18:45 10368 c:\windows\maxdriver\hidusb.sys
+ 2004-08-03 21:08 . 2008-04-13 18:45 24960 c:\windows\maxdriver\hidparse.sys
+ 2008-04-13 18:45 . 2008-04-13 18:45 19200 c:\windows\maxdriver\hidir.sys
+ 2004-08-03 21:08 . 2008-04-13 18:45 36864 c:\windows\maxdriver\hidclass.sys
+ 2008-04-13 18:46 . 2008-04-13 18:46 25600 c:\windows\maxdriver\hidbth.sys
+ 2009-07-31 21:29 . 2008-04-13 18:45 10624 c:\windows\maxdriver\gameenum.sys
+ 2008-04-13 18:36 . 2008-04-13 18:36 46464 c:\windows\maxdriver\gagp30kx.sys
+ 2001-08-17 13:57 . 2001-08-23 11:00 12160 c:\windows\maxdriver\fsvga.sys
+ 2004-08-03 20:59 . 2008-04-13 18:40 20480 c:\windows\maxdriver\flpydisk.sys
+ 2001-08-23 11:00 . 2008-04-13 18:33 44544 c:\windows\maxdriver\fips.sys
+ 2004-08-03 20:59 . 2008-04-13 18:40 27392 c:\windows\maxdriver\fdc.sys
+ 2009-06-23 20:37 . 2009-06-23 20:37 92696 c:\windows\maxdriver\emupia2k.sys
+ 2004-08-03 21:00 . 2008-04-13 18:38 71168 c:\windows\maxdriver\dxg.sys
+ 2001-08-23 11:00 . 2001-08-23 11:00 10496 c:\windows\maxdriver\dxapi.sys
+ 2009-07-31 21:27 . 2008-04-13 18:45 60160 c:\windows\maxdriver\drmk.sys
+ 2009-07-31 21:28 . 2008-04-13 18:45 52864 c:\windows\maxdriver\DMusic.sys
+ 2004-08-03 20:59 . 2008-04-13 18:40 14208 c:\windows\maxdriver\diskdump.sys
+ 2004-08-03 20:59 . 2008-04-13 18:40 36352 c:\windows\maxdriver\disk.sys
+ 2009-06-23 20:37 . 2009-06-23 20:37 14360 c:\windows\maxdriver\ctprxy2k.sys
+ 2009-06-23 20:36 . 2009-06-23 20:36 18840 c:\windows\maxdriver\CTGAME.SYS
+ 2004-08-03 22:59 . 2008-04-13 18:31 36736 c:\windows\maxdriver\crusoe.sys
+ 2001-08-17 13:24 . 2001-08-23 11:00 11776 c:\windows\maxdriver\cpqdap01.sys
+ 2009-06-23 20:34 . 2009-06-23 20:34 99352 c:\windows\maxdriver\COMMONFX.sys
+ 2004-08-03 21:14 . 2008-04-13 19:16 49536 c:\windows\maxdriver\classpnp.sys
+ 2004-08-03 20:59 . 2008-04-13 18:40 62976 c:\windows\maxdriver\cdrom.sys
+ 2004-08-03 21:14 . 2008-04-13 19:14 63744 c:\windows\maxdriver\cdfs.sys
+ 2001-08-17 13:52 . 2001-08-23 11:00 18688 c:\windows\maxdriver\cdaudio.sys
+ 2010-02-06 20:15 . 2008-04-13 19:46 17024 c:\windows\maxdriver\CCDECODE.sys
+ 2001-08-23 11:00 . 2001-08-23 11:00 13952 c:\windows\maxdriver\cbidf2k.sys
+ 2008-04-13 18:46 . 2008-04-13 18:46 18944 c:\windows\maxdriver\bthusb.sys
+ 2008-04-13 18:46 . 2008-04-13 18:46 36480 c:\windows\maxdriver\bthprint.sys
+ 2008-04-13 18:46 . 2008-04-13 18:46 37888 c:\windows\maxdriver\bthmodem.sys
+ 2008-04-13 18:46 . 2008-04-13 18:46 17024 c:\windows\maxdriver\bthenum.sys
+ 2004-08-03 20:59 . 2008-04-13 18:53 71552 c:\windows\maxdriver\bridge.sys
+ 2005-10-14 23:09 . 2005-10-14 23:09 51304 c:\windows\maxdriver\atnt40k.sys
+ 2004-08-03 20:58 . 2008-04-13 18:51 55808 c:\windows\maxdriver\atmlane.sys
+ 2001-08-23 11:00 . 2001-08-23 11:00 31360 c:\windows\maxdriver\atmepvc.sys
+ 2004-08-03 20:58 . 2008-04-13 18:51 59904 c:\windows\maxdriver\atmarpc.sys
+ 2009-07-31 20:31 . 2004-08-04 05:29 63488 c:\windows\maxdriver\atinxsxx.sys
+ 2009-07-31 20:31 . 2004-08-04 05:29 31744 c:\windows\maxdriver\atinxbxx.sys
+ 2009-07-31 20:31 . 2004-08-04 05:29 73216 c:\windows\maxdriver\atintuxx.sys
+ 2009-07-31 20:31 . 2004-08-04 05:29 13824 c:\windows\maxdriver\atinttxx.sys
+ 2009-07-31 20:31 . 2004-08-04 05:29 28672 c:\windows\maxdriver\atinsnxx.sys
+ 2009-07-31 20:31 . 2004-08-04 05:29 52224 c:\windows\maxdriver\atinraxx.sys
+ 2009-07-31 20:31 . 2004-08-04 05:29 14336 c:\windows\maxdriver\atinpdxx.sys
+ 2009-07-31 20:31 . 2004-08-04 05:29 13824 c:\windows\maxdriver\atinmdxx.sys
+ 2009-07-31 20:31 . 2004-08-04 05:29 57856 c:\windows\maxdriver\atinbtxx.sys
+ 2009-07-31 20:31 . 2004-08-04 05:29 34735 c:\windows\maxdriver\ati1xsxx.sys
+ 2009-07-31 20:31 . 2004-08-04 05:29 29455 c:\windows\maxdriver\ati1xbxx.sys
+ 2009-07-31 20:31 . 2004-08-04 05:29 36463 c:\windows\maxdriver\ati1tuxx.sys
+ 2009-07-31 20:31 . 2004-08-04 05:29 21343 c:\windows\maxdriver\ati1ttxx.sys
+ 2009-07-31 20:31 . 2004-08-04 05:29 26367 c:\windows\maxdriver\ati1snxx.sys
+ 2009-07-31 20:31 . 2004-08-04 05:29 63663 c:\windows\maxdriver\ati1rvxx.sys
+ 2009-07-31 20:31 . 2004-08-04 05:29 30671 c:\windows\maxdriver\ati1raxx.sys
+ 2009-07-31 20:31 . 2004-08-04 05:29 12047 c:\windows\maxdriver\ati1pdxx.sys
+ 2009-07-31 20:31 . 2004-08-04 05:29 11615 c:\windows\maxdriver\ati1mdxx.sys
+ 2009-07-31 20:31 . 2004-08-04 05:29 56623 c:\windows\maxdriver\ati1btxx.sys
+ 2004-08-03 20:59 . 2008-04-13 18:40 96512 c:\windows\maxdriver\atapi.sys
+ 2004-08-03 21:05 . 2008-04-13 18:57 14336 c:\windows\maxdriver\asyncmac.sys
+ 2009-07-31 19:52 . 2009-11-24 23:49 48560 c:\windows\maxdriver\aswTdi.sys
+ 2009-07-31 19:52 . 2009-11-24 23:48 23120 c:\windows\maxdriver\aswRdr.sys
+ 2009-07-31 19:52 . 2009-11-24 23:50 94160 c:\windows\maxdriver\aswmon2.sys
+ 2009-07-31 19:52 . 2009-11-24 23:51 93424 c:\windows\maxdriver\aswmon.sys
+ 2009-07-31 19:52 . 2009-11-24 23:50 20560 c:\windows\maxdriver\aswFsBlk.sys
+ 2004-08-03 22:58 . 2008-04-13 18:51 60800 c:\windows\maxdriver\arp1394.sys
+ 2010-02-21 00:15 . 2009-06-11 00:49 24576 c:\windows\maxdriver\ANDROIDUSB.sys
+ 2007-04-17 04:46 . 2007-04-17 04:46 33792 c:\windows\maxdriver\AmdPPM.sys
+ 2009-08-01 06:09 . 2004-08-11 23:30 39424 c:\windows\maxdriver\AmdK8.sys
+ 2004-08-03 22:59 . 2008-04-13 18:31 37760 c:\windows\maxdriver\amdk7.sys
+ 2004-08-03 22:59 . 2008-04-13 18:31 37376 c:\windows\maxdriver\amdk6.sys
+ 2008-04-13 18:36 . 2008-04-13 18:36 43008 c:\windows\maxdriver\amdagp.sys
+ 2008-04-13 18:36 . 2008-04-13 18:36 42752 c:\windows\maxdriver\alim1541.sys
+ 2008-04-13 18:36 . 2008-04-13 18:36 44928 c:\windows\maxdriver\agpcpq.sys
+ 2008-04-13 18:36 . 2008-04-13 18:36 42368 c:\windows\maxdriver\agp440.sys
+ 2008-08-14 14:57 . 2010-01-24 15:36 73312 c:\windows\maxdriver\adfs.sys
+ 2001-08-23 11:00 . 2001-08-23 11:00 11648 c:\windows\maxdriver\acpiec.sys
+ 2009-07-31 19:52 . 2009-11-24 23:47 27408 c:\windows\maxdriver\aavmker4.sys
+ 2010-05-03 21:58 . 1996-08-27 09:12 4176 c:\windows\system\QTNOTIFY.EXE
+ 2010-05-03 21:58 . 1996-08-27 09:12 8304 c:\windows\system\QTHNDLR.DLL
+ 2010-05-03 21:58 . 1996-08-27 09:12 4320 c:\windows\system\MCIQTENU.DLL
+ 2001-08-23 11:00 . 2001-08-23 11:00 4352 c:\windows\maxdriver\wmilib.sys
+ 2001-08-23 11:00 . 2001-08-23 11:00 4736 c:\windows\maxdriver\usbd.sys
+ 2004-08-03 22:58 . 2008-04-13 18:39 4352 c:\windows\maxdriver\swenum.sys
+ 2009-07-31 21:28 . 2008-04-13 18:45 6272 c:\windows\maxdriver\splitter.sys
+ 2008-04-13 18:36 . 2008-04-13 18:36 5888 c:\windows\maxdriver\smbali.sys
+ 2001-08-23 11:00 . 2001-08-23 11:00 5888 c:\windows\maxdriver\rootmdm.sys
+ 2001-08-23 11:00 . 2001-08-23 11:00 4224 c:\windows\maxdriver\rdpcdd.sys
+ 2001-08-23 11:00 . 2001-08-23 11:00 8832 c:\windows\maxdriver\rasacd.sys
+ 2001-08-23 11:00 . 2001-08-23 11:00 3328 c:\windows\maxdriver\pciide.sys
+ 2001-08-23 11:00 . 2001-08-23 11:00 6784 c:\windows\maxdriver\parvdm.sys
+ 2001-08-23 11:00 . 2001-08-23 11:00 3456 c:\windows\maxdriver\oprghdlr.sys
+ 2001-08-23 11:00 . 2001-08-23 11:00 2944 c:\windows\maxdriver\null.sys
+ 2010-02-06 20:16 . 2008-04-13 19:39 5504 c:\windows\maxdriver\MSTEE.sys
+ 2009-07-31 21:28 . 2008-04-13 18:39 4992 c:\windows\maxdriver\MSPQM.sys
+ 2009-07-31 21:28 . 2008-04-13 18:39 5376 c:\windows\maxdriver\MSPCLOCK.sys
+ 2009-07-31 21:28 . 2008-04-13 18:39 7552 c:\windows\maxdriver\MSKSSRV.sys
+ 2001-08-23 11:00 . 2001-08-23 11:00 4224 c:\windows\maxdriver\mnmdd.sys
+ 2001-08-23 11:00 . 2001-08-23 11:00 7680 c:\windows\maxdriver\mcd.sys
+ 2001-08-23 11:00 . 2001-08-23 11:00 7936 c:\windows\maxdriver\fs_rec.sys
+ 2001-08-23 11:00 . 2001-08-23 11:00 3328 c:\windows\maxdriver\dxgthk.sys
+ 2009-07-31 21:28 . 2008-04-13 18:45 2944 c:\windows\maxdriver\drmkaud.sys
+ 2001-08-23 11:00 . 2001-08-23 11:00 5888 c:\windows\maxdriver\dmload.sys
+ 2001-08-23 11:00 . 2001-08-23 11:00 4224 c:\windows\maxdriver\beep.sys
+ 2009-09-23 06:48 . 2008-03-06 18:51 3840 c:\windows\maxdriver\BANTExt.sys
+ 2009-07-31 10:39 . 2001-08-17 13:59 3072 c:\windows\maxdriver\audstub.sys
+ 2010-05-03 21:58 . 1996-08-27 09:12 429424 c:\windows\system\QTIM.DLL
+ 2008-01-19 18:45 . 2008-01-19 18:45 503144 c:\windows\maxdriver\wdf01000.sys
+ 2008-04-13 18:46 . 2008-04-13 18:46 121984 c:\windows\maxdriver\usbvideo.sys
+ 2004-08-03 21:08 . 2008-04-13 18:45 143872 c:\windows\maxdriver\usbport.sys
+ 2004-08-03 20:58 . 2008-04-13 18:39 384768 c:\windows\maxdriver\update.sys
+ 2004-08-03 21:07 . 2010-02-11 12:02 226880 c:\windows\maxdriver\tcpip6.sys
+ 2004-08-03 21:14 . 2008-06-20 11:51 361600 c:\windows\maxdriver\tcpip.sys
+ 2004-08-03 21:14 . 2009-12-31 16:50 353792 c:\windows\maxdriver\srv.sys
+ 2009-07-31 20:32 . 2004-08-04 05:41 404990 c:\windows\maxdriver\slntamr.sys
+ 2009-07-31 20:32 . 2004-08-04 05:41 129535 c:\windows\maxdriver\slnt7554.sys
+ 2009-07-31 20:32 . 2004-08-04 05:29 166912 c:\windows\maxdriver\s3gnbm.sys
+ 2001-08-23 11:00 . 2008-05-08 14:02 203136 c:\windows\maxdriver\rmcast.sys
+ 2009-07-31 17:44 . 2008-04-14 00:13 139656 c:\windows\maxdriver\rdpwd.sys
+ 2009-07-31 17:44 . 2008-04-13 18:32 196224 c:\windows\maxdriver\rdpdr.sys
+ 2004-08-03 21:20 . 2008-04-13 19:28 175744 c:\windows\maxdriver\rdbss.sys
+ 2009-07-31 21:27 . 2008-04-13 19:19 146048 c:\windows\maxdriver\portcls.sys
+ 2004-08-03 21:07 . 2008-04-13 18:36 120192 c:\windows\maxdriver\pcmcia.sys
+ 2004-08-03 21:02 . 2008-04-13 18:34 163584 c:\windows\maxdriver\nwrdr.sys
+ 2009-07-31 18:10 . 2005-04-06 10:22 208256 c:\windows\maxdriver\nvsnpu.sys
+ 2009-07-31 18:10 . 2008-08-02 01:35 955520 c:\windows\maxdriver\nvnrm.sys
+ 2009-07-31 20:32 . 2004-08-04 05:41 180360 c:\windows\maxdriver\ntmtlfax.sys
+ 2004-08-03 21:15 . 2008-04-13 19:15 574976 c:\windows\maxdriver\ntfs.sys
+ 2004-08-03 21:14 . 2008-04-13 19:21 162816 c:\windows\maxdriver\netbt.sys
+ 2004-08-03 21:14 . 2008-04-13 19:20 182656 c:\windows\maxdriver\ndis.sys
+ 2004-08-03 21:15 . 2008-04-13 19:17 105344 c:\windows\maxdriver\mup.sys
+ 2009-07-31 20:32 . 2004-08-04 05:29 452736 c:\windows\maxdriver\mtxparhm.sys
+ 2009-07-31 20:32 . 2004-08-04 05:41 126686 c:\windows\maxdriver\mtlmnt5.sys
+ 2004-08-03 21:15 . 2010-02-24 13:11 455680 c:\windows\maxdriver\mrxsmb.sys
+ 2004-08-03 21:00 . 2008-04-13 18:32 180608 c:\windows\maxdriver\mrxdav.sys
+ 2004-08-03 23:15 . 2008-04-13 19:16 141056 c:\windows\maxdriver\ks.sys
+ 2009-07-31 21:28 . 2008-04-13 18:45 172416 c:\windows\maxdriver\kmixer.sys
+ 2004-08-03 21:04 . 2008-04-13 18:57 152832 c:\windows\maxdriver\ipnat.sys
+ 2004-08-03 21:00 . 2009-10-20 16:20 265728 c:\windows\maxdriver\http.sys
+ 2009-07-31 20:32 . 2004-08-04 05:41 685056 c:\windows\maxdriver\hsfcxts2.sys
+ 2009-07-31 20:32 . 2004-08-04 05:41 220032 c:\windows\maxdriver\hsfbs2s2.sys
+ 2008-04-13 16:36 . 2008-04-13 16:36 144384 c:\windows\maxdriver\hdaudbus.sys
+ 2009-06-23 20:38 . 2009-06-23 20:38 189464 c:\windows\maxdriver\haP17v2k.sys
+ 2009-06-23 20:38 . 2009-06-23 20:38 162840 c:\windows\maxdriver\haP16v2k.sys
+ 2009-06-23 20:38 . 2009-06-23 20:38 798744 c:\windows\maxdriver\ha10kx2k.sys
+ 2001-08-23 11:00 . 2001-08-23 11:00 125056 c:\windows\maxdriver\ftdisk.sys
+ 2009-07-31 17:46 . 2008-04-13 18:32 129792 c:\windows\maxdriver\fltmgr.sys
+ 2004-08-03 21:14 . 2008-04-13 19:14 143744 c:\windows\maxdriver\fastfat.sys
+ 2004-08-03 21:07 . 2008-04-13 18:44 153344 c:\windows\maxdriver\dmio.sys
+ 2004-08-03 21:07 . 2008-04-13 18:44 799744 c:\windows\maxdriver\dmboot.sys
+ 2009-06-23 20:37 . 2009-06-23 20:37 157208 c:\windows\maxdriver\ctsfm2k.sys
+ 2009-06-23 20:34 . 2009-06-23 20:34 566296 c:\windows\maxdriver\CTSBLFX.sys
+ 2009-06-23 20:37 . 2009-06-23 20:37 127512 c:\windows\maxdriver\ctoss2k.sys
+ 2009-06-23 20:35 . 2009-06-23 20:35 100888 c:\windows\maxdriver\CTERFXFX.sys
+ 2009-06-23 20:36 . 2009-06-23 20:36 347080 c:\windows\maxdriver\ctdvda2k.sys
+ 2009-06-23 20:34 . 2009-06-23 20:34 555032 c:\windows\maxdriver\CTAUDFX.sys
+ 2009-06-23 20:36 . 2009-06-23 20:36 528408 c:\windows\maxdriver\ctaud2k.sys
+ 2009-06-23 20:36 . 2009-06-23 20:36 511000 c:\windows\maxdriver\ctac32k.sys
+ 2001-08-17 14:02 . 2001-08-23 11:00 262528 c:\windows\maxdriver\cinemst2.sys
+ 2008-04-13 18:46 . 2008-06-13 11:05 272128 c:\windows\maxdriver\bthport.sys
+ 2008-04-13 18:51 . 2008-04-13 18:51 101120 c:\windows\maxdriver\bthpan.sys
+ 2001-08-23 11:00 . 2001-08-23 11:00 352256 c:\windows\maxdriver\atmuni.sys
+ 2009-07-31 20:31 . 2004-08-04 05:29 104960 c:\windows\maxdriver\atinrvxx.sys
+ 2009-07-31 20:31 . 2004-08-04 05:29 327040 c:\windows\maxdriver\ati2mtaa.sys
+ 2009-07-31 19:52 . 2009-11-24 23:50 114768 c:\windows\maxdriver\aswSP.sys
+ 2004-08-03 21:14 . 2008-08-14 10:04 138496 c:\windows\maxdriver\afd.sys
+ 2009-07-31 21:28 . 2008-04-13 16:39 142592 c:\windows\maxdriver\aec.sys
+ 2004-08-03 21:07 . 2008-04-13 18:36 187776 c:\windows\maxdriver\acpi.sys
+ 2010-05-03 21:58 . 1996-08-27 09:12 2037248 c:\windows\QTINSTAL.EXE
+ 2009-07-31 20:32 . 2004-08-04 05:29 1897408 c:\windows\maxdriver\nv4_mini.sys
+ 2009-07-31 20:32 . 2004-08-04 05:41 1309184 c:\windows\maxdriver\mtlstrm.sys
+ 2010-02-06 20:06 . 2005-05-27 17:23 2180096 c:\windows\maxdriver\lvsvf2.sys
+ 2010-02-06 20:06 . 2005-05-27 17:32 1317152 c:\windows\maxdriver\lvcm.sys
+ 2009-07-31 20:32 . 2004-08-04 05:41 1041536 c:\windows\maxdriver\hsfdpsp2.sys
+ 2007-04-10 13:03 . 2007-04-10 13:03 1164072 c:\windows\maxdriver\ha20x2k.sys
+ 2009-06-23 20:37 . 2009-06-23 20:37 1396120 c:\windows\maxdriver\CTMMFILT.SYS
+ 2009-06-23 20:36 . 2009-06-23 20:36 1366424 c:\windows\maxdriver\CT0531FL.SYS
+ 2009-07-31 20:31 . 2009-07-21 16:30 3565056 c:\windows\maxdriver\ati2mtag.sys
+ 2009-09-28 04:14 . 2007-03-08 21:34 4027840 c:\windows\maxdriver\alcxwdm.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Max Steele\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-18 133104]
"Steam"="e:\steam\Steam.exe" [2010-05-05 1238352]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-01-07 2935480]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-01-24 611712]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"CTHelper"="CTHELPER.EXE" [2009-06-23 19456]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-20 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
CoreCenter.lnk - c:\program files\MSI\Core Center\CoreCenter.exe [2009-7-31 932864]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"e:\\eve\\bin\\ExeFile.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"e:\\steam\\Steam.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"e:\\mule\\data\\lib\\jre\\bin\\java.exe"=
"e:\\steam\\steamapps\\common\\torchlight\\Torchlight.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"57859:TCP"= 57859:TCP:Pando Media Booster
"57859:UDP"= 57859:UDP:Pando Media Booster
"58001:TCP"= 58001:TCP:Pando Media Booster
"58001:UDP"= 58001:UDP:Pando Media Booster

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7/31/2009 12:52 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/31/2009 12:52 PM 20560]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [6/23/2009 1:34 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 1:34 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 1:34 PM 566296]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2010 7:58 PM 135664]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [6/23/2009 1:34 PM 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [10/2/2009 2:34 PM 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 1:34 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 1:35 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 1:35 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 1:34 PM 566296]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2/20/2010 5:15 PM 24576]
S3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [1/19/2010 5:49 PM 55184]
S3 PCAlertDriver;PCAlertDriver;c:\program files\MSI\Core Center\NTGLM7X.sys [7/31/2009 10:50 PM 28160]
.
Contents of the 'Scheduled Tasks' folder

2010-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-28 02:58]

2010-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-28 02:58]

2010-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1284227242-725345543-1003Core.job
- c:\documents and settings\Max Steele\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-18 07:17]

2010-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1284227242-725345543-1003UA.job
- c:\documents and settings\Max Steele\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-18 07:17]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
DPF: {03A89EFD-E023-7700-A22D-45F77558EB4C} - hxxps://dhsnetlink.hr.state.or.us/iLinc/download/ilinci77.dll
FF - ProfilePath - c:\documents and settings\Max Steele\Application Data\Mozilla\Firefox\Profiles\aumjcdqw.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Max Steele\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Max Steele\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Max Steele\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Max Steele\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\documents and settings\Max Steele\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-05 08:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x8A4BA8C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f14b3a
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
NDIS: NVIDIA nForce 10/100/1000 Mbps Ethernet #2 -> SendCompleteHandler -> NDIS.sys @ 0xb9e06bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9df5a0d
SendHandler -> NDIS.sys @ 0xb9e09b40
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-1284227242-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:f2,d8,19,86,fa,ec,fa,16,58,d4,5d,61,20,00,cf,02,67,ea,bd,ce,f5,
33,14,5c,84,25,b6,58,b1,55,24,1e,ef,ce,db,f8,94,11,28,d6,c6,a2,38,99,b3,25,\
"rkeysecu"=hex:a7,5d,c5,e3,bb,0f,2a,82,af,f8,61,4d,3f,b6,1a,82
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2010-05-05 08:47:05
ComboFix-quarantined-files.txt 2010-05-05 15:46
ComboFix2.txt 2010-04-29 17:37

Pre-Run: 9,331,589,120 bytes free
Post-Run: 9,289,490,432 bytes free

- - End Of File - - 1513AEF49C9B8C5608B0367A0D8677B5


#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:04:55 PM

Posted 05 May 2010 - 11:10 AM

Hi,

I would like you to collect the file Avast listed as malicious so that a detection for it can be included into ComboFix:

Open notepad and copy/paste the text in the quotebox below into it:

CODE
http://www.bleepingcomputer.com/forums/t/311508/google-search-links-in-firefox-redirect-to-different-web-sites/?p=1744900

Collect::
c:\windows\maxdriver\atapi.sys
FCopy::
C:\WINDOWS\ServicePackFiles\i386\atapi.sys |C:\windows\system32\drivers\atapi.sys


Save this as CFScript.txt





Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#13 maxsteele

maxsteele
  • Topic Starter

  • Members
  • 13 posts
  • Local time:07:55 AM

Posted 05 May 2010 - 03:15 PM

Hi Myrti,

Combofix did not give me a message box after it finished running. It only gave me the log text file. Combofix said it detected the presence of rootkit activity and needed to restart the system before it ran. I was connected to the internet when running combofix. Also, since I was connected to the internet, I attempted to access Firefox when combofix finished. The re-directs are present.

Here are the contents of the log file:

ComboFix 10-05-05.02 - Max Steele 05/05/2010 12:46:48.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1543 [GMT -7:00]
Running from: c:\documents and settings\Max Steele\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Max Steele\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100505-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

file zipped: c:\windows\maxdriver\atapi.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\maxdriver\atapi.sys

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2010-04-05 to 2010-05-05 )))))))))))))))))))))))))))))))
.

2010-05-05 14:57 . 2010-02-27 00:26 220024 ----a-w- c:\windows\sigcheck.exe
2010-05-05 14:47 . 2010-05-05 19:55 -------- d-----w- c:\windows\maxdriver
2010-05-04 17:18 . 1995-07-11 16:50 21872 ----a-w- c:\windows\system32\MSACM.DRV
2010-05-04 17:18 . 1995-01-30 07:00 92208 ----a-w- c:\windows\system\WING.DLL
2010-05-04 17:18 . 1994-12-06 07:00 12800 ----a-w- c:\windows\system32\WING32.DLL
2010-05-03 21:59 . 1995-01-30 07:00 92208 ----a-w- c:\windows\system32\WING.DLL
2010-05-03 21:59 . 1995-01-30 07:00 6736 ----a-w- c:\windows\system32\WINGDIB.DRV
2010-05-03 21:59 . 1995-01-30 07:00 188960 ----a-w- c:\windows\system32\WINGDE.DLL
2010-05-03 21:59 . 1994-12-06 07:00 12800 ----a-w- c:\windows\system\WING32.DLL
2010-05-03 21:59 . 1993-06-25 21:47 20272 ----a-w- c:\windows\system32\CTL3D.DLL
2010-05-03 21:57 . 1996-01-09 17:38 283648 ----a-w- c:\windows\uninst.exe
2010-05-03 21:57 . 2010-05-03 21:57 -------- d-----w- c:\documents and settings\Max Steele\WINDOWS
2010-04-29 17:20 . 2010-04-29 17:20 183392 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-24 15:35 . 2010-04-24 15:35 -------- d-----w- c:\documents and settings\Max Steele\Application Data\Nero
2010-04-24 15:18 . 2010-04-24 15:26 -------- d-----w- c:\program files\Nero
2010-04-24 15:17 . 2010-04-24 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-04-24 15:17 . 2010-04-24 15:33 -------- d-----w- c:\program files\Common Files\Nero
2010-04-19 14:52 . 2010-04-20 16:36 -------- d-----w- C:\SAHFF
2010-04-19 06:38 . 2010-04-19 06:38 -------- d-----w- c:\documents and settings\Max Steele\Application Data\ManyCam
2010-04-17 19:12 . 2010-04-17 19:12 -------- d-----w- c:\documents and settings\Max Steele\Application Data\EVEMon
2010-04-16 02:08 . 2010-04-16 02:08 -------- d-----w- C:\ProgramData
2010-04-16 02:06 . 2010-04-16 02:07 -------- d-----w- c:\program files\Dominic Cranes Dreamscape Mystery
2010-04-09 02:56 . 2010-04-09 02:56 -------- d-----w- c:\documents and settings\Max Steele\Application Data\Nevosoft
2010-04-09 02:49 . 2010-04-09 02:50 -------- d-----w- c:\program files\Vampireville
2010-04-07 21:33 . 2010-04-07 21:33 -------- d-----w- c:\documents and settings\Max Steele\Application Data\QB9
2010-04-07 21:27 . 2010-04-07 21:28 -------- d-----w- c:\program files\Doors of the Mind - Inner Mysteries
2010-04-07 02:39 . 2010-04-07 02:39 -------- d-----w- c:\documents and settings\Max Steele\Application Data\Artogon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-03 21:58 . 2010-05-03 21:58 -------- d-----w- c:\program files\DK Multimedia
2010-04-21 07:21 . 2010-04-20 06:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-21 07:10 . 2010-04-21 07:08 -------- d-----w- c:\program files\Windows Live Safety Center
2010-04-21 04:25 . 2010-04-21 04:25 -------- d-----w- c:\program files\ESET
2010-04-21 04:19 . 2010-02-21 00:15 -------- d-----w- c:\program files\HTC
2010-04-21 04:18 . 2010-02-21 00:17 -------- d-----w- c:\documents and settings\Max Steele\Application Data\Teleca
2010-04-21 04:12 . 2010-04-20 16:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-21 04:05 . 2009-08-01 00:05 -------- d-----w- c:\program files\Google
2010-04-20 16:32 . 2010-04-20 16:32 -------- d-----w- c:\documents and settings\Max Steele\Application Data\SUPERAntiSpyware.com
2010-04-20 16:32 . 2009-09-27 06:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-20 06:32 . 2010-04-20 06:30 -------- d-----w- c:\documents and settings\Max Steele\Application Data\QuickScan
2010-04-20 06:10 . 2010-04-20 06:10 -------- d-----w- c:\documents and settings\Max Steele\Application Data\Malwarebytes
2010-04-20 06:10 . 2010-04-20 06:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-19 06:56 . 2009-07-31 22:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-16 03:03 . 2009-08-12 01:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-15 06:59 . 2009-11-21 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-04-09 02:21 . 2010-04-09 02:21 31232 ----a-w- c:\documents and settings\Max Steele\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-60a5b43c-2.3.0--n\jinput-dx8.dll
2010-04-09 02:21 . 2010-04-09 02:21 29696 ----a-w- c:\documents and settings\Max Steele\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-60a5b43c-2.3.0--n\jinput-raw.dll
2010-04-09 02:21 . 2010-04-09 02:21 237568 ----a-w- c:\documents and settings\Max Steele\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-60a5b43c-2.3.0--n\lwjgl.dll
2010-04-09 02:21 . 2010-04-09 02:21 108032 ----a-w- c:\documents and settings\Max Steele\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-60a5b43c-2.3.0--n\OpenAL32.dll
2010-04-05 02:14 . 2010-04-05 02:11 -------- d-----w- c:\documents and settings\Max Steele\Application Data\DarkParablesBriarRoseSE_BFG
2010-04-05 01:23 . 2010-04-05 01:22 -------- d-----w- c:\program files\Dark Parables - Curse of Briar Rose
2010-04-05 01:16 . 2009-08-12 01:31 -------- d-----w- c:\program files\bfgclient
2010-04-05 01:15 . 2010-04-05 01:15 3085800 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2010-04-05 01:15 . 2009-08-12 01:31 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2010-04-04 02:07 . 2009-08-06 19:39 -------- d-----w- c:\program files\Palm
2010-03-31 17:43 . 2010-03-31 17:43 -------- d-----w- c:\program files\Alexey V.Voronin
2010-03-31 17:30 . 2010-03-31 17:28 -------- d-----w- c:\program files\SMART Monitor
2010-03-30 07:46 . 2010-04-21 07:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 07:45 . 2010-04-21 07:21 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 16:49 . 2009-12-10 05:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-22 05:38 . 2010-03-22 05:38 30720 ----a-w- c:\documents and settings\Max Steele\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-4eb23d79-2.2.1--n\jinput-dx8.dll
2010-03-22 05:38 . 2010-03-22 05:38 29184 ----a-w- c:\documents and settings\Max Steele\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-4eb23d79-2.2.1--n\jinput-raw.dll
2010-03-22 05:38 . 2010-03-22 05:38 163328 ----a-w- c:\documents and settings\Max Steele\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-4eb23d79-2.2.1--n\lwjgl.dll
2010-03-22 05:38 . 2010-03-22 05:38 108032 ----a-w- c:\documents and settings\Max Steele\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-4eb23d79-2.2.1--n\OpenAL32.dll
2010-03-20 20:21 . 2010-03-20 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\MySQL
2010-03-20 20:21 . 2010-03-20 20:19 -------- d-----w- c:\program files\MySQL
2010-03-20 20:20 . 2010-03-20 20:20 -------- d-----w- c:\program files\IIS
2010-03-20 02:43 . 2010-03-20 02:43 -------- d-----w- c:\program files\Microsoft
2010-03-19 15:35 . 2010-03-03 20:17 -------- d-----w- c:\documents and settings\Max Steele\Application Data\Skype
2010-03-17 22:17 . 2010-03-17 22:17 79488 ----a-w- c:\documents and settings\Max Steele\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-15 05:25 . 2009-09-27 06:11 -------- d-----w- c:\documents and settings\Max Steele\Application Data\Wargaming.Net
2010-03-15 05:22 . 2010-03-04 00:22 -------- d-----w- c:\documents and settings\Max Steele\Application Data\Darkfall US
2010-03-14 00:12 . 2010-03-14 00:12 -------- d-----w- c:\program files\Common Files\DirectX
2010-03-13 23:55 . 2010-03-13 23:55 -------- d-----w- c:\program files\OpenAL
2010-03-13 23:54 . 2009-09-27 06:06 -------- d-----w- c:\program files\AGEIA Technologies
2010-03-13 23:54 . 2010-03-13 23:54 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-12 16:56 . 2010-03-12 16:55 -------- d-----w- c:\documents and settings\Max Steele\Application Data\.minecraft
2010-03-11 03:46 . 2010-03-11 03:46 -------- d-----w- c:\program files\CoffeeCup Software
2010-03-10 06:15 . 2004-08-03 22:56 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 02:00 . 2010-03-06 02:00 4096 ----a-w- c:\windows\d3dx.dat
2010-03-03 20:18 . 2010-03-03 20:18 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-25 06:24 . 2004-08-03 22:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-03 21:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 16:10 . 2004-08-03 21:20 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-03 22:56 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-03 21:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-06 20:26 . 2010-02-06 20:26 626688 ----a-w- c:\documents and settings\Max Steele\Application Data\Adobe\Shockwave Player 11\xtras\download\metaioGmbH\UnifeyeViewer\msvcr80.dll
2010-02-06 20:26 . 2010-02-06 20:26 548864 ----a-w- c:\documents and settings\Max Steele\Application Data\Adobe\Shockwave Player 11\xtras\download\metaioGmbH\UnifeyeViewer\msvcp80.dll
2010-02-06 20:26 . 2010-02-06 20:26 598016 ----a-w- c:\documents and settings\Max Steele\Application Data\Adobe\Shockwave Player 11\xtras\download\metaioGmbH\UnifeyeViewer\highgui100.dll
2010-02-06 20:26 . 2010-02-06 20:26 933888 ----a-w- c:\documents and settings\Max Steele\Application Data\Adobe\Shockwave Player 11\xtras\download\metaioGmbH\UnifeyeViewer\cxcore100.dll
2010-02-06 20:26 . 2010-02-06 20:26 724992 ----a-w- c:\documents and settings\Max Steele\Application Data\Adobe\Shockwave Player 11\xtras\download\metaioGmbH\UnifeyeViewer\cv100.dll
2010-02-06 20:26 . 2010-02-06 20:26 24064 ----a-w- c:\documents and settings\Max Steele\Application Data\Adobe\Shockwave Player 11\xtras\download\metaioGmbH\UnifeyeViewer\ESMlib.dll
2009-09-11 22:00 . 2009-09-11 22:00 44360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-09-11 22:00 . 2009-09-11 22:00 107928 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2002-08-01 03:55 . 2010-03-11 03:47 108 --sh--w- c:\windows\WSYS049.SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Max Steele\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-18 133104]
"Steam"="e:\steam\Steam.exe" [2010-05-05 1238352]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-01-07 2935480]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-01-24 611712]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"CTHelper"="CTHELPER.EXE" [2009-06-23 19456]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-20 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
CoreCenter.lnk - c:\program files\MSI\Core Center\CoreCenter.exe [2009-7-31 932864]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"e:\\eve\\bin\\ExeFile.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"e:\\steam\\Steam.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"e:\\mule\\data\\lib\\jre\\bin\\java.exe"=
"e:\\steam\\steamapps\\common\\torchlight\\Torchlight.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"57859:TCP"= 57859:TCP:Pando Media Booster
"57859:UDP"= 57859:UDP:Pando Media Booster
"58001:TCP"= 58001:TCP:Pando Media Booster
"58001:UDP"= 58001:UDP:Pando Media Booster

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7/31/2009 12:52 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/31/2009 12:52 PM 20560]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [6/23/2009 1:34 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 1:34 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 1:34 PM 566296]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2010 7:58 PM 135664]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [6/23/2009 1:34 PM 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [10/2/2009 2:34 PM 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 1:34 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 1:35 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 1:35 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 1:34 PM 566296]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2/20/2010 5:15 PM 24576]
S3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [1/19/2010 5:49 PM 55184]

--- Other Services/Drivers In Memory ---

*Deregistered* - NVR0Dev
*Deregistered* - PCAlertDriver
*Deregistered* - RushTopDevice
.
Contents of the 'Scheduled Tasks' folder

2010-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-28 02:58]

2010-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-28 02:58]

2010-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1284227242-725345543-1003Core.job
- c:\documents and settings\Max Steele\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-18 07:17]

2010-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1284227242-725345543-1003UA.job
- c:\documents and settings\Max Steele\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-18 07:17]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
DPF: {03A89EFD-E023-7700-A22D-45F77558EB4C} - hxxps://dhsnetlink.hr.state.or.us/iLinc/download/ilinci77.dll
FF - ProfilePath - c:\documents and settings\Max Steele\Application Data\Mozilla\Firefox\Profiles\aumjcdqw.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Max Steele\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Max Steele\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Max Steele\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Max Steele\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\documents and settings\Max Steele\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-05 12:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x8A5648C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f14b3a
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
NDIS: NVIDIA nForce 10/100/1000 Mbps Ethernet #2 -> SendCompleteHandler -> NDIS.sys @ 0xb9e06bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9e13a21
SendHandler -> NDIS.sys @ 0xb9df187b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-1284227242-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:f2,d8,19,86,fa,ec,fa,16,58,d4,5d,61,20,00,cf,02,67,ea,bd,ce,f5,
33,14,5c,84,25,b6,58,b1,55,24,1e,ef,ce,db,f8,94,11,28,d6,c6,a2,38,99,b3,25,\
"rkeysecu"=hex:a7,5d,c5,e3,bb,0f,2a,82,af,f8,61,4d,3f,b6,1a,82
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(412)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\MySQL\MySQL Server 5.1\bin\mysqld.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2010-05-05 13:10:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-05 20:10
ComboFix2.txt 2010-05-05 15:47
ComboFix3.txt 2010-04-29 17:37

Pre-Run: 9,290,973,184 bytes free
Post-Run: 9,250,840,576 bytes free

- - End Of File - - 213E937175416A6CABAA442109E43CE9

Edited by maxsteele, 05 May 2010 - 03:18 PM.


#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:04:55 PM

Posted 07 May 2010 - 07:24 AM

Hi,

the upload indeed seems to have failed. Could you please do it manually:
Please go to C:\qoobox\quarantine and locate the file Submit_<date and time>.zip, where date and time are the date and time when you ran ComboFix. Afterwards please visit this site and follow the instructions for uploading the file.
Once the upload is done, please let me know so I can get the file.

Then I think we need to replace the file in Recovery Console:
  1. Restart your computer
  2. Before Windows loads, you will be prompted to choose which Operating System to start
  3. Use the up and down arrow key to select Microsoft Windows Recovery Console
  4. You must enter which Windows installation to log onto. Type 1 and press enter.
  5. At the C:\Windows prompt, type the following bolded text, and press Enter:
    cd system32\drivers
  6. At the next prompt type the following bolded text, and press Enter:

    ren atapi.sys atapi.bad

  7. At the next prompt type the following bolded text, and press Enter:

    copy c:\windows\ServicePackFiles\i386\atapi.sys atapi.sys

  8. The command should then show 1 file(s) copied.
  9. At the next prompt type the following bolded text, and press Enter:

    exit
Windows will now begin loading. Let me know if the redirects continue.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 

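The two artefacts the thread turns on are the detector's ">>UNKNOWN [...]<<" entry at the end of the disk call chain in the ComboFix log above, and the atapi.sys replacement from ServicePackFiles that myrti walks through in the post above. This is an added triage helper, not code from the thread or from GMER/ComboFix: it parses a constructed excerpt modelled on the detector output posted above, flags the unattributed module, and confirms a driver replacement by comparing SHA-256 digests of the active driver and the backup copy (the demo uses temporary files in place of the real paths).

```python
"""Added example (not from the thread): triage helper for the detector output
and the driver replacement discussed above."""
import hashlib
import os
import re
import tempfile
from pathlib import Path

# Constructed excerpt, modelled on the "Stealth MBR rootkit" detector section
# that ComboFix printed in the logs above.
SAMPLE_MBR_LOG = """\
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x8A5648C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\\Driver\\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\\Driver\\ACPI -> ACPI.sys @ 0xb9f7fcb8
\\Driver\\atapi -> atapi.sys @ 0xb9f14b3a
user & kernel MBR OK
"""

# ">>UNKNOWN [0x8A5648C8]<<" marks a module in the disk I/O chain that the
# tool could not attribute to any loaded driver.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
# "\Driver\atapi -> atapi.sys @ 0xb9f14b3a"
HOOK_RE = re.compile(r"^(\\Driver\\\S+) -> (\S+) @ (0x[0-9A-Fa-f]+)$")


def parse_mbr_detector(text: str) -> dict:
    """Extract the call chain, unattributed module addresses and listed hooks."""
    report = {"called_modules": [], "unknown": [], "hooks": [], "mbr_ok": False}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("called modules:"):
            chain = line[len("called modules:"):]
            report["unknown"] = UNKNOWN_RE.findall(chain)
            # Drop the marker so only named modules remain in the chain.
            report["called_modules"] = UNKNOWN_RE.sub("", chain).split()
        elif line == "user & kernel MBR OK":
            report["mbr_ok"] = True
        else:
            m = HOOK_RE.match(line)
            if m:
                report["hooks"].append((m.group(1), m.group(2), m.group(3)))
    return report


def suspicious(report: dict) -> bool:
    """The MBR itself can read as OK (as it does in the thread) while an
    unattributed module still sits in the disk call chain; that module, not
    the MBR status, is the indicator worth acting on."""
    return bool(report["unknown"])


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large drivers are not read at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def driver_matches_backup(active: Path, backup: Path) -> bool:
    """True when the active driver is byte-for-byte the backup copy, e.g.
    system32\\drivers\\atapi.sys versus ServicePackFiles\\i386\\atapi.sys."""
    return sha256_of(active) == sha256_of(backup)


def demo_replacement_check() -> tuple:
    """Constructed stand-in for the real driver paths: returns the comparison
    result before and after the copy step, i.e. (False, True)."""
    with tempfile.TemporaryDirectory() as tmp:
        active = Path(tmp) / "atapi.sys"
        backup = Path(tmp) / "ServicePackFiles_atapi.sys"
        backup.write_bytes(b"constructed clean driver image")
        active.write_bytes(b"constructed patched driver image")
        before = driver_matches_backup(active, backup)
        # Equivalent of: copy c:\windows\ServicePackFiles\i386\atapi.sys atapi.sys
        active.write_bytes(backup.read_bytes())
        after = driver_matches_backup(active, backup)
    return before, after


if __name__ == "__main__":
    rep = parse_mbr_detector(SAMPLE_MBR_LOG)
    print("unattributed modules:", rep["unknown"], "suspicious:", suspicious(rep))
    print("replacement check (before, after):", demo_replacement_check())
```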


#15 maxsteele

maxsteele
  • Topic Starter

  • Members
  • 13 posts
  • Local time:07:55 AM

Posted 08 May 2010 - 01:37 AM

Hi Myrti,

I have sent the file successfully.

I have performed the file rename and copy from the Windows Recovery Console.

I have gone to over 20 different links in Firefox and the re-directs are not happening.



