Requesting approval to follow the 8 steps


Dcarr

Hello all,
I have some very strange things going on with my computer. I use AVG, SUPERAntimalware, CCleaner and Malwarebytes. Using these tools I have done a pretty good job at keeping my computer clean. Here not too long ago my wife downloaded a virus called rogue.mysecurityshield and rogue.antimalwaredoctor, and I ran my scans, thus removing the viruses. I have been able to find no trace of these files anywhere on my computer.

This being said, I still believe I am infected due to some peculiar behavior from my computer. Here is a list of the things happening.

1. Cannot go to google.com or use the yahoo.com search engine
2. My Windows updates are popping up in the tray but I cannot install them; when I click on it, it disappears.
3. Slow
4. My pop-up blocker says it is working but it isn't

Below are some of the actions I have taken that I believe were mistakes.

1. In safe mode I removed all my antivirus/malware programs, then reinstalled them and ran them one by one. This was to no avail and has made my computer slower.
2. Tried to do a system restore. I wish I had found this forum first, but I did this once and then found my problem was not fixed, and tried several more times but it would not allow me to.

So I just wanted to give a short history before I started to do the 8 steps, because I wanted to be sure I had not already messed up too much to start there, or that I was not beyond that at this point.
 
Welcome to TechSpot! You most surely have my approval to go through these steps:

Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Now that you are in my hands, please observe the following:
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

These scans will give me some idea of what's on the system and what the most appropriate next step is. Hold off on the Windows updating for now. We'll work on the redirects first.
 
Do I also have your permission to run AVG or shall I uninstall that and install Avast?

edit: I downloaded Avast. It is now asking me to do this, "To finish the clean up process, we recommend running a boot-time scan, i.e restarting the computer and letting Avast! scan all your data before windows starts. Do you want to schedule the boot-time scan and restart the computer now?"
Shall I do this, or say no and let the scan that is happening continue? Also, do I remove infected files and restart when the scan is done, then copy the log?
 
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6468

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/28/2011 9:59:52 PM
mbam-log-2011-04-28 (21-59-52).txt

Scan type: Quick scan
Objects scanned: 155255
Time elapsed: 6 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAA3A1762]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A79A27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A79A27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A79A27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8A79A27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort4 8A79A27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort5 8A79A27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP4T0L0-12 8A79A27F
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Device\Ide\IdeDeviceP3T0L0-7 -> \??\IDE#DiskHitachi_HDP725016GLA380_________________GMBOA52A#5&2422feac&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/3/2009 7:29:14 PM
System Uptime: 4/28/2011 9:46:17 PM (1 hours ago)
.
Motherboard: eMachines | | WMCP61M
Processor: AMD Athlon(tm) Processor 2650e | Socket AM2 | 1607/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 69 GiB total, 43.379 GiB free.
D: is FIXED (NTFS) - 70 GiB total, 69.758 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP725: 1/28/2011 6:45:35 PM - System Checkpoint
RP726: 1/29/2011 7:35:13 PM - System Checkpoint
RP727: 1/30/2011 8:58:59 PM - System Checkpoint
RP728: 1/31/2011 9:51:02 PM - System Checkpoint
RP729: 2/1/2011 10:35:13 PM - System Checkpoint
RP730: 2/2/2011 11:35:13 PM - System Checkpoint
RP731: 2/4/2011 12:30:35 AM - System Checkpoint
RP732: 2/5/2011 1:30:35 AM - System Checkpoint
RP733: 2/6/2011 2:30:38 AM - System Checkpoint
RP734: 2/7/2011 3:30:38 AM - System Checkpoint
RP735: 2/8/2011 3:33:01 AM - System Checkpoint
RP736: 2/9/2011 4:33:01 AM - System Checkpoint
RP737: 2/9/2011 6:22:59 PM - Software Distribution Service 3.0
RP738: 2/10/2011 6:35:06 PM - System Checkpoint
RP739: 2/11/2011 7:34:02 PM - System Checkpoint
RP740: 2/12/2011 7:51:34 PM - System Checkpoint
RP741: 2/13/2011 10:01:38 AM - Removed Skype Toolbars
RP742: 2/13/2011 10:02:14 AM - Removed Skype™ 4.2
RP743: 2/14/2011 10:28:42 AM - System Checkpoint
RP744: 2/15/2011 11:08:18 AM - System Checkpoint
RP745: 2/16/2011 1:04:17 PM - System Checkpoint
RP746: 2/17/2011 2:03:06 PM - System Checkpoint
RP747: 2/18/2011 3:28:41 PM - System Checkpoint
RP748: 2/19/2011 4:04:11 PM - System Checkpoint
RP749: 2/20/2011 4:06:54 PM - System Checkpoint
RP750: 2/21/2011 4:12:49 PM - System Checkpoint
RP751: 2/22/2011 5:03:06 PM - System Checkpoint
RP752: 2/23/2011 6:23:18 PM - System Checkpoint
RP753: 2/24/2011 7:03:06 PM - System Checkpoint
RP754: 2/25/2011 8:04:11 PM - System Checkpoint
RP755: 2/26/2011 9:03:07 PM - System Checkpoint
RP756: 2/27/2011 9:04:12 PM - System Checkpoint
RP757: 2/28/2011 10:03:16 PM - System Checkpoint
RP758: 3/1/2011 11:03:15 PM - System Checkpoint
RP759: 3/3/2011 12:32:30 AM - System Checkpoint
RP760: 3/4/2011 1:35:10 AM - System Checkpoint
RP761: 3/5/2011 2:03:15 AM - System Checkpoint
RP762: 3/6/2011 3:03:15 AM - System Checkpoint
RP763: 3/7/2011 4:03:16 AM - System Checkpoint
RP764: 3/8/2011 3:00:14 AM - Software Distribution Service 3.0
RP765: 3/9/2011 3:03:16 AM - System Checkpoint
RP766: 3/10/2011 3:00:14 AM - Software Distribution Service 3.0
RP767: 3/11/2011 3:03:16 AM - System Checkpoint
RP768: 3/12/2011 4:03:16 AM - System Checkpoint
RP769: 3/13/2011 5:03:16 AM - System Checkpoint
RP770: 3/14/2011 6:14:18 AM - System Checkpoint
RP771: 3/15/2011 8:43:14 AM - System Checkpoint
RP772: 3/16/2011 3:00:14 AM - Software Distribution Service 3.0
RP773: 3/17/2011 3:21:17 AM - System Checkpoint
RP774: 3/18/2011 4:21:17 AM - System Checkpoint
RP775: 3/19/2011 6:26:15 AM - System Checkpoint
RP776: 3/20/2011 9:33:29 AM - System Checkpoint
RP777: 3/21/2011 10:10:14 AM - System Checkpoint
RP778: 3/22/2011 5:05:13 PM - System Checkpoint
RP779: 3/22/2011 7:10:39 PM - Installed Java(TM) 6 Update 24
RP780: 3/23/2011 7:39:29 PM - System Checkpoint
RP781: 3/24/2011 8:49:30 PM - System Checkpoint
RP782: 3/26/2011 9:41:52 AM - System Checkpoint
RP783: 3/27/2011 10:32:07 AM - System Checkpoint
RP784: 3/28/2011 11:07:07 AM - System Checkpoint
RP785: 3/29/2011 11:08:13 AM - System Checkpoint
RP786: 3/30/2011 12:02:39 PM - System Checkpoint
RP787: 3/31/2011 12:17:03 PM - System Checkpoint
RP788: 4/1/2011 12:24:13 PM - System Checkpoint
RP789: 4/2/2011 12:44:32 PM - System Checkpoint
RP790: 4/3/2011 1:08:31 PM - System Checkpoint
RP791: 4/4/2011 2:18:36 PM - System Checkpoint
RP792: 4/5/2011 3:58:38 PM - System Checkpoint
RP793: 4/6/2011 7:11:29 PM - System Checkpoint
RP794: 4/7/2011 7:39:00 PM - System Checkpoint
RP795: 4/8/2011 9:03:57 PM - System Checkpoint
RP796: 4/9/2011 9:39:00 PM - System Checkpoint
RP797: 4/10/2011 10:39:00 PM - System Checkpoint
RP798: 4/11/2011 11:39:00 PM - System Checkpoint
RP799: 4/12/2011 11:39:05 PM - System Checkpoint
RP800: 4/13/2011 7:27:36 PM - Installed Windows Internet Explorer 8.
RP801: 4/13/2011 8:47:47 PM - Removed AVG 2011
RP802: 4/13/2011 8:48:40 PM - Removed AVG 2011
RP803: 4/13/2011 9:02:24 PM - Installed AVG 2011
RP804: 4/13/2011 9:02:44 PM - Installed AVG 2011
RP805: 4/14/2011 5:38:25 AM - Removed AVG 2011
RP806: 4/14/2011 5:39:19 AM - Removed AVG 2011
RP807: 4/15/2011 6:19:37 AM - System Checkpoint
RP808: 4/15/2011 6:44:12 PM - Installed AVG 2011
RP809: 4/15/2011 6:44:37 PM - Installed AVG 2011
RP810: 4/16/2011 9:08:50 PM - System Checkpoint
RP811: 4/17/2011 9:48:32 PM - System Checkpoint
RP812: 4/18/2011 10:36:32 PM - System Checkpoint
RP813: 4/19/2011 10:36:35 PM - System Checkpoint
RP814: 4/20/2011 11:36:36 PM - System Checkpoint
RP815: 4/22/2011 12:36:36 AM - System Checkpoint
RP816: 4/23/2011 1:36:36 AM - System Checkpoint
RP817: 4/24/2011 2:45:51 AM - System Checkpoint
RP818: 4/24/2011 7:12:28 AM - Restore Operation
RP819: 4/24/2011 7:58:45 AM - Restore Operation
RP820: 4/24/2011 8:18:31 AM - Restore Operation
RP821: 4/24/2011 8:41:07 AM - Restore Operation
RP822: 4/24/2011 7:28:43 PM - Installed AVG 2011
RP823: 4/24/2011 7:29:12 PM - Installed AVG 2011
RP824: 4/25/2011 6:47:47 PM - Removed AVG 2011
RP825: 4/25/2011 6:48:40 PM - Removed AVG 2011
RP826: 4/26/2011 6:54:08 PM - System Checkpoint
RP827: 4/27/2011 7:08:14 PM - System Checkpoint
RP828: 4/28/2011 7:08:24 PM - avast! Free Antivirus Setup
.
==== Hosts File Hijack ======================
.
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
Hosts: 74.125.45.100 secure-plus-payments.com
Hosts: 74.125.45.100 www.getantivirusplusnow.com
Hosts: 74.125.45.100 www.secure-plus-payments.com
Hosts: 74.125.45.100 www.getavplusnow.com
Hosts: 74.125.45.100 safebrowsing-cache.google.com
Hosts: 74.125.45.100 urs.microsoft.com
Hosts: 74.125.45.100 www.securesoftwarebill.com
Hosts: 74.125.45.100 secure.paysecuresystem.com
Hosts: 74.125.45.100 paysoftbillsolution.com
Hosts: 74.125.45.100 protected.maxisoftwaremart.com
Hosts: 216.45.48.244 www.google.com
Hosts: 216.45.48.244 google.com
Hosts: 216.45.48.244 google.com.au
Hosts: 216.45.48.244 www.google.com.au
Hosts: 216.45.48.244 google.be
Hosts: 216.45.48.244 www.google.be
Hosts: 216.45.48.244 google.com.br
Hosts: 216.45.48.244 www.google.com.br
Hosts: 216.45.48.244 google.ca
Hosts: 216.45.48.244 www.google.ca
Hosts: 216.45.48.244 google.ch
Hosts: 216.45.48.244 www.google.ch
Hosts: 216.45.48.244 google.de
Hosts: 216.45.48.244 www.google.de
Hosts: 216.45.48.244 google.dk
Hosts: 216.45.48.244 www.google.dk
Hosts: 216.45.48.244 google.fr
Hosts: 216.45.48.244 www.google.fr
Hosts: 216.45.48.244 google.ie
Hosts: 216.45.48.244 www.google.ie
Hosts: 216.45.48.244 google.it
Hosts: 216.45.48.244 www.google.it
Hosts: 216.45.48.244 google.co.jp
Hosts: 216.45.48.244 www.google.co.jp
Hosts: 216.45.48.244 google.nl
Hosts: 216.45.48.244 www.google.nl
Hosts: 216.45.48.244 google.no
Hosts: 216.45.48.244 www.google.no
Hosts: 216.45.48.244 google.co.nz
Hosts: 216.45.48.244 www.google.co.nz
Hosts: 216.45.48.244 google.pl
Hosts: 216.45.48.244 www.google.pl
Hosts: 216.45.48.244 google.se
Hosts: 216.45.48.244 www.google.se
Hosts: 216.45.48.244 google.co.uk
Hosts: 216.45.48.244 www.google.co.uk
Hosts: 216.45.48.244 google.co.za
Hosts: 216.45.48.244 www.google.co.za
Hosts: 216.45.48.244 www.google-analytics.com
Hosts: 216.45.48.244 www.bing.com
Hosts: 216.45.48.244 search.yahoo.com
Hosts: 216.45.48.244 www.search.yahoo.com
Hosts: 216.45.48.244 uk.search.yahoo.com
Hosts: 216.45.48.244 ca.search.yahoo.com
Hosts: 216.45.48.244 de.search.yahoo.com
Hosts: 216.45.48.244 fr.search.yahoo.com
Hosts: 216.45.48.244 au.search.yahoo.com
.
==== Installed Programs ======================
.
AAC Decoder
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.6
Agere Systems PCI-SV92EX Soft Modem
Ares 2.1.1
AutoUpdate
avast! Free Antivirus
AVG 2011
Bonjour
BufferChm
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
CyberLink DVD Suite
CyberLink Power2Go
CyberLink PowerDVD
D1500
D1500_Help
DeviceDiscovery
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DJ_SF_03_D1500_ProductContext
DJ_SF_03_D1500_Software
DJ_SF_03_D1500_Software_Min
eMachines Games
eSupportQFolder
Facebook Plug-In
GearDrvs
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService
GPBaseService2
H.264 Decoder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 10.0
HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
Japanese Fonts Support For Adobe Reader 8
Java Auto Updater
Java(TM) 6 Update 13
Java(TM) 6 Update 18
Java(TM) 6 Update 23
Java(TM) 6 Update 5
LightScribe 1.4.142.1
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MKV Splitter
Mozilla Firefox (3.6.15)
MSVCSetup
NTI Media Maker 8
NVIDIA Drivers
OpenOffice.org 3.2
PerfectDisk 10 Professional
PSSWCORE
QuickTime
Realtek High Definition Audio Driver
Recuva
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Status
Toolbox
TrayApp
Uniblue ProcessQuickLink 2
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
VideoToolkit01
VLC media player 1.0.1
WebEx
WebEx Productivity Tools
WebFldrs XP
WebReg
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Workspace Desktop
Yahoo! Software Update
Yahoo! Toolbar
Zynga Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/28/2011 9:31:06 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
4/28/2011 9:31:05 PM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
4/28/2011 9:31:05 PM, error: Service Control Manager [7034] - The PDAgent service terminated unexpectedly. It has done this 1 time(s).
4/28/2011 9:31:05 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
4/28/2011 9:31:05 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
4/28/2011 9:31:05 PM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
4/28/2011 9:31:03 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
4/28/2011 9:31:03 PM, error: Service Control Manager [7034] - The Agere Modem Call Progress Audio service terminated unexpectedly. It has done this 1 time(s).
4/28/2011 8:22:12 PM, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
4/28/2011 12:13:52 PM, error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
4/28/2011 1:35:32 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001D72B254D9. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
4/28/2011 1:24:56 PM, error: Dhcp [1002] - The IP address lease 67.60.87.41 for the Network Card with network address 001D72B254D9 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
4/26/2011 5:04:45 AM, error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 2 time(s).
4/26/2011 5:04:39 AM, error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
4/26/2011 5:04:39 AM, error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
4/26/2011 5:04:31 AM, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
4/25/2011 6:57:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Fips Processor SASDIFSV SASKUTIL
4/25/2011 6:44:01 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
4/25/2011 5:41:33 PM, error: Service Control Manager [7034] - The File Backup Service service terminated unexpectedly. It has done this 1 time(s).
4/25/2011 5:41:17 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/25/2011 5:28:45 PM, error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/25/2011 5:28:41 PM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
4/25/2011 5:28:41 PM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
4/25/2011 5:28:41 PM, error: Service Control Manager [7034] - The Alerter service terminated unexpectedly. It has done this 1 time(s).
4/25/2011 5:28:35 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
4/25/2011 5:28:22 PM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
4/25/2011 5:28:22 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
4/25/2011 5:19:51 PM, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).
4/25/2011 5:06:30 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/25/2011 5:06:24 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/25/2011 12:15:31 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0017EE7043FD. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
4/24/2011 8:40:41 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
4/24/2011 8:39:16 AM, error: Service Control Manager [7023] - The Akamai NetSession Interface service terminated with the following error: The specified module could not be found.
4/24/2011 6:42:56 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
.
==== End Of File ===========================
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Delbert Carr at 22:12:09.93 on Thu 04/28/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.2117 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Starfield\WorkspaceUpdate.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Starfield\offSyncService.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
H:\virus suit\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - c:\program files\kikin\ie_kikin.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Starfield Updater] "c:\program files\starfield\WorkspaceUpdate.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Uniblue ProcessQuickLink 2] "c:\program files\uniblue\processquicklink 2\ProcessQuickLink2.exe" /autostart
mRun: [LaunchApp]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ"&"inst=NzctNjAyMTEyMzU4LUJBKzEtS1YzKzctWEwrMS1UMi1GUDkrNi1CQVI5RysxLVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLVZJUDEwKzEtRjEwTTEwRCsyLUNJQTEwKzItRkwxMCsxLUxJQysxLVhPMTArMTE"&"prod=90"&"ver=10.0.1325
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://nazcare.webex.com/client/T27L/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
IFEO: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\delber~1\applic~1\mozilla\firefox\profiles\ehxjen98.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2566951&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - component: c:\documents and settings\delbert carr\application data\mozilla\firefox\profiles\ehxjen98.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\delbert carr\application data\mozilla\firefox\profiles\ehxjen98.default\extensions\{ec5def39-7b74-48b7-a4e7-1d95bb1674a8}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\delbert carr\application data\mozilla\firefox\profiles\ehxjen98.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\webex\productivity tools\components\OCFF.dll
FF - plugin: c:\documents and settings\delbert carr\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\delbert carr\application data\mozilla\plugins\npatgpc.dll
FF - plugin: c:\documents and settings\delbert carr\application data\mozilla\plugins\npatgpc.dll
FF - plugin: c:\documents and settings\delbert carr\application data\mozilla\plugins\npoff.dll
FF - plugin: c:\documents and settings\delbert carr\application data\mozilla\plugins\npoff.dll
FF - plugin: c:\documents and settings\delbert carr\application data\mozilla\plugins\npwbe.dll
FF - plugin: c:\documents and settings\delbert carr\application data\mozilla\plugins\npwbe.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32464]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-28 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-28 307288]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 296400]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-28 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-4-28 42184]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 File Backup;File Backup Service;c:\program files\starfield\offSyncService.exe [2010-7-16 1215216]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-2-15 7421280]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-3 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-3 136176]
.
=============== Created Last 30 ================
.
2011-04-29 04:52:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-29 04:52:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-29 02:09:16 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-29 02:08:43 40112 ----a-w- c:\windows\avastSS.scr
2011-04-29 02:08:24 -------- d-----w- c:\program files\AVAST Software
2011-04-29 02:08:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
2011-04-26 13:31:00 -------- d-----w- c:\docume~1\delber~1\locals~1\applic~1\PackageAware
2011-04-26 12:07:51 -------- d-----w- c:\program files\Uniblue
2011-04-24 14:17:52 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-24 14:17:52 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-16 01:44:51 -------- d-----w- c:\windows\system32\drivers\AVG
2011-04-14 12:32:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-04-14 12:11:46 -------- d-----w- c:\docume~1\delber~1\locals~1\applic~1\AVG Security Toolbar
2011-04-14 02:26:01 -------- dc-h--w- c:\windows\ie8
2011-04-01 03:29:12 -------- d-----w- c:\docume~1\delber~1\applic~1\SUPERAntiSpyware.com
2011-04-01 03:29:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-04-01 03:27:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-31 00:17:22 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-03 04:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 02:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HDP725016GLA380 rev.GMBOA52A -> Harddisk0\DR0 -> \Device\Ide\IdePort3 P3T0L0-7
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A79A439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a7a07d0]; MOV EAX, [0x8a7a084c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A7ACAB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000006b[0x8A911250]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A865D98]
\Driver\atapi[0x8A8ABBB8] -> IRP_MJ_CREATE -> 0x8A79A439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV DI, 0x5; XOR AX, AX; MOV DL, 0x80; INT 0x13; JAE 0x2d; DEC DI; }
detected disk devices:
\Device\Ide\IdeDeviceP3T0L0-7 -> \??\IDE#DiskHitachi_HDP725016GLA380_________________GMBOA52A#5&2422feac&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A79A27F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:14:21.76 ===============
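The DDS "Hosts:" lines above show the pattern a rogue-AV installer leaves behind: several unrelated payment and download domains all mapped to one public IP in the HOSTS file. The following is an added example (my own code, not part of this thread or of DDS) that parses both raw hosts-file lines and the "Hosts: <ip> <name>" form DDS prints, flags every mapping whose target is not loopback or 0.0.0.0, and groups redirected names by target address. The sample input is constructed for the demo; on a real XP box the file to read is %SystemRoot%\system32\drivers\etc\hosts.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample input (not copied from a live machine): two lines in the
# "Hosts: <ip> <name>" form used by the DDS log, plus raw hosts-file lines with
# a comment, a loopback entry, an IPv6 entry and a blocklist-style entry.
SAMPLE_HOSTS = """\
# Windows hosts file (constructed sample)
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.test   # blocklist-style entry, harmless
"""

# Optional "Hosts:" prefix, an address, one or more names, optional trailing comment.
LINE_RE = re.compile(r"^(?:Hosts:\s*)?(\S+)\s+(.+?)\s*(?:#.*)?$")


def parse_hosts(text):
    """Return (ip_address, hostname) pairs for every mapping in the text."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # first token is not an address; skip rather than guess
        for name in m.group(2).split():
            entries.append((ip, name.lower()))
    return entries


def is_benign_target(ip):
    """Loopback (127.x, ::1) and unspecified (0.0.0.0, ::) targets only block or
    self-map a name; any other target redirects the name to another host."""
    return ip.is_loopback or ip.is_unspecified


def find_hijacks(entries):
    """Mappings that send a hostname somewhere other than the local machine."""
    return [(str(ip), name) for ip, name in entries if not is_benign_target(ip)]


def names_per_ip(entries):
    """Group redirected names by target address. Many unrelated names sharing
    one public address is the signature of an installer-written HOSTS file."""
    groups = defaultdict(list)
    for ip, name in entries:
        if not is_benign_target(ip):
            groups[str(ip)].append(name)
    return dict(groups)


if __name__ == "__main__":
    parsed = parse_hosts(SAMPLE_HOSTS)
    for ip, name in find_hijacks(parsed):
        print(f"REDIRECT {name} -> {ip}")
    for ip, names in names_per_ip(parsed).items():
        print(f"{ip}: {len(names)} name(s) share this target")
```

Entries for localhost and 0.0.0.0 blocklists are deliberately left alone; the check only reports names pointed at a third-party address, which is what a helper needs to decide whether the file should be reset to the default single `127.0.0.1 localhost` line.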
 
Your questions / My answers:
Do I also have your permission to run AVG or shall I uninstall that and install Avast?
Please read the steps in the thread carefully. If you already had an antivirus program, you did not need to change it. Avast and Avira are only left as recommendations to put a free AV on the system if none is running.
If you have a functioning, updating antivirus program, please leave it on the system for now. If you're NOT running any antivirus, you should install one now. Please update the antivirus program and run a full system scan.
edit: I downloaded Avast. It is now asking me to do this, "To finish the clean up process, we recommend running a boot-time scan, i.e. restarting the computer and letting Avast! scan all your data before windows starts."
1. Do you want to schedule the boot-time scan and restart the computer now?
2. Shall I do this or say no and let the scan that is happening continue?
3. Also do I remove infected files and restart when the scan is done then copy the log?
1. No 2. Omit the scan 3. Close the scan.
=====================================================
Unfortunately, you now have both AVG and Avast running and this is an added vulnerability to the system. In addition to that, you have a malware infection called Windows Security Suite and your hosts file has been hijacked.

And to add to that, you have a rootkit malware infection. Please follow these directions I have set up for you carefully. If you don't understand something, please stop and ask. One of the programs I am going to have you run will not work with AVG on the system. Since you have Avast, for now, uninstall AVG as follows:
Download AppRemover and save to the desktop.
How to Use AppRemover to Remove a Complete Security Application
  1. Double click the setup on the desktop> click Next
  2. Select "Remove Security Application"
  3. Let scan finish to determine security apps
  4. A screen listing the detected security applications will appear
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.
Reboot the computer
========================================
Run this program:
  1. Download the file TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save to the desktop.
     (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  2. Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
  3. Double click on TDSSKiller.exe to run the scan
  4. When the scan is over, the utility outputs a list of detected objects with description.
     The utility automatically selects an action (Cure or Delete) for malicious objects.
     The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  5. Select the action Quarantine to quarantine detected objects.
     The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  6. After clicking Next, the utility applies selected actions and outputs the result. Please leave the log in your next reply.
  7. A reboot is required after disinfection.
================================
Summary
1. Close and ignore Avast scan.
2. Uninstall AVG
3. Run TDSSKiller and leave log with next reply
4. Go on to my next reply after you have finished the above.
 
After you have completed this:
1. Close and ignore Avast scan.
2. Uninstall AVG
3. Run TDSSKiller and leave log with next reply
>>>>>>>>>>>>>>>go on and run the following>>>>>>>>>>>>>>>>>>>>>>
4. Please note: If you have Combofix on the desktop already, please uninstall it and download the newest version below. Uninstall ComboFix if needed:
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Download Combofix from HERE or from http://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message asking whether to continue.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Leave the TDSSKiller log from the previous post.
Leave the Combofix log

If you have any questions or problems, please stop and ask me- don't try solving it on your own. We are patient and glad to help.
 
Okay, so below is the log for how I read your instructions regarding TDSSKiller. Please let me know if I did this correctly because I was a little confused with the directions. My confusion was with the fact that it auto selects cure or delete but the directions did not say to cure or delete them but to quarantine, so the only option under the drop down that was close was the copy to quarantine option. So I hope I did it right; if not let me know. Thanks.

\HardDisk0 - copied to quarantine
\HardDisk0\TDLFS\cfg.ini - copied to quarantine
\HardDisk0\TDLFS\mbr - copied to quarantine
\HardDisk0\TDLFS\bckfg.tmp - copied to quarantine
\HardDisk0\TDLFS\cmd.dll - copied to quarantine
\HardDisk0\TDLFS\ldr16 - copied to quarantine
\HardDisk0\TDLFS\ldr32 - copied to quarantine
\HardDisk0\TDLFS\ldr64 - copied to quarantine
\HardDisk0\TDLFS\drv64 - copied to quarantine
\HardDisk0\TDLFS\cmd64.dll - copied to quarantine
\HardDisk0\TDLFS\drv32 - copied to quarantine
\HardDisk0\TDLFS\dkmks.tmp - copied to quarantine
\HardDisk0\TDLFS\r.dll - copied to quarantine
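The Gmer section of the DDS log above reads sector 0 once from user mode and once from the kernel ("user: MBR read successfully" / "kernel: MBR read successfully") and compares the two, and TDSSKiller here quarantines a replaced `mbr` from the hidden TDLFS area. The following is an added example (my own code, not from this thread, Gmer, TDSSKiller or ComboFix) that shows what such a check actually parses and compares: the boot signature, the four partition entries, a hash of the 440-byte boot code against a known-good baseline, and a byte-level diff between two reads of the same sector. The sector bytes and the tampering are constructed for the demo; `build_sample_mbr` and `tamper_boot_code` are helper names I chose, and reading a real disk on Windows would mean opening `\\.\PhysicalDrive0` from an elevated process, which is out of scope here.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"          # last two bytes of a valid MBR
PARTITION_TABLE_OFFSET = 446
# status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
PARTITION_ENTRY = struct.Struct("<B3sB3sII")


def build_sample_mbr():
    """Constructed sample sector (not a real disk image): NOP-filled boot code,
    one active NTFS (type 0x07) partition starting at LBA 63, valid signature."""
    boot_code = b"\x90" * 440
    disk_signature = struct.pack("<I", 0x1234ABCD)
    reserved = b"\x00\x00"
    part1 = PARTITION_ENTRY.pack(0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 16_777_216)
    empty = b"\x00" * PARTITION_ENTRY.size
    sector = boot_code + disk_signature + reserved + part1 + empty * 3 + BOOT_SIGNATURE
    assert len(sector) == SECTOR_SIZE
    return sector


def parse_mbr(sector):
    """Decode the fields a scanner looks at: signature, boot-code hash, partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        status, _chs0, ptype, _chs1, lba, count = PARTITION_ENTRY.unpack_from(
            sector, PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY.size)
        if ptype == 0 and count == 0:
            continue  # unused slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "status_valid": status in (0x00, 0x80),
            "type": ptype,
            "lba_start": lba,
            "sectors": count,
        })
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "partitions": partitions,
    }


def diff_views(user_view, kernel_view):
    """Offsets at which two reads of sector 0 disagree. A bootkit that filters
    user-mode disk reads hands back a clean copy, so the two views diverge."""
    return [i for i, (a, b) in enumerate(zip(user_view, kernel_view)) if a != b]


def assess(user_view, kernel_view, known_good_boot_sha256=None):
    """Return a list of findings; an empty list means nothing looked wrong."""
    findings = []
    info = parse_mbr(kernel_view)
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    for p in info["partitions"]:
        if not p["status_valid"]:
            findings.append(f"partition {p['index']} has invalid status byte")
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append("no active partition")
    differing = diff_views(user_view, kernel_view)
    if differing:
        findings.append(f"user/kernel views differ at {len(differing)} byte(s), first at offset {differing[0]}")
    if known_good_boot_sha256 and info["boot_code_sha256"] != known_good_boot_sha256:
        findings.append("boot code differs from known-good baseline")
    return findings


def tamper_boot_code(sector, patch=b"\xeb\xfe"):
    """Constructed tampering for the demo: overwrite the first boot-code bytes
    with a two-byte jump, the way a bootkit stub replaces the loader entry."""
    return patch + sector[len(patch):]


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = parse_mbr(clean)["boot_code_sha256"]
    print("clean sector:", assess(clean, clean, baseline) or "no findings")
    hidden = tamper_boot_code(clean)   # what the kernel really sees
    print("tampered sector:", assess(clean, hidden, baseline))
```

The signature and partition-table checks alone would pass on the tampered sector, which is why a hash of the boot code against a baseline taken when the machine was known clean, and a comparison of reads taken through different paths, are the checks that matter; a rootkit that intercepts disk I/O keeps the table intact and only swaps the code in front of it.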
 
ComboFix 11-04-28.02 - Delbert Carr 04/29/2011 21:56:42.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.2428 [GMT -7:00]
Running from: h:\virus suit\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
PEV Error: AppFolder
PEV Error: FavFile
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Delbert Carr\Application Data\Adobe\plugs
c:\documents and settings\Delbert Carr\Application Data\Adobe\shed
c:\documents and settings\Delbert Carr\Local Settings\Application Data\{764F5489-6AEB-42CA-94AB-EFBFD61EE462}
c:\documents and settings\Delbert Carr\Local Settings\Application Data\{764F5489-6AEB-42CA-94AB-EFBFD61EE462}\chrome.manifest
c:\documents and settings\Delbert Carr\Local Settings\Application Data\{764F5489-6AEB-42CA-94AB-EFBFD61EE462}\chrome\content\_cfg.js
c:\documents and settings\Delbert Carr\Local Settings\Application Data\{764F5489-6AEB-42CA-94AB-EFBFD61EE462}\chrome\content\c.js
c:\documents and settings\Delbert Carr\Local Settings\Application Data\{764F5489-6AEB-42CA-94AB-EFBFD61EE462}\chrome\content\overlay.xul
c:\documents and settings\Delbert Carr\Local Settings\Application Data\{764F5489-6AEB-42CA-94AB-EFBFD61EE462}\install.rdf
C:\Microsoft
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-30 )))))))))))))))))))))))))))))))
.
.
2011-04-30 00:49 . 2011-04-30 00:49 -------- d-----w- C:\TDSSKiller_Quarantine
2011-04-29 04:52 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-29 04:52 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-29 02:09 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-29 02:09 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-29 02:09 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-29 02:09 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-29 02:09 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-29 02:09 . 2011-04-18 17:16 102488 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-04-29 02:09 . 2011-04-18 17:16 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-04-29 02:09 . 2011-04-18 17:13 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-04-29 02:08 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
2011-04-29 02:08 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-29 02:08 . 2011-04-29 02:08 -------- d-----w- c:\program files\AVAST Software
2011-04-29 02:08 . 2011-04-29 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-04-26 13:31 . 2011-04-26 13:31 -------- d-----w- c:\documents and settings\Delbert Carr\Local Settings\Application Data\PackageAware
2011-04-26 12:07 . 2011-04-26 13:36 -------- d-----w- c:\program files\Uniblue
2011-04-24 17:11 . 2011-04-24 17:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-04-24 14:17 . 2011-04-24 14:17 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-17 01:27 . 2011-04-17 01:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2011-04-16 01:44 . 2011-04-30 00:40 -------- d-----w- c:\windows\system32\drivers\AVG
2011-04-14 12:32 . 2011-04-24 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-04-14 12:11 . 2011-04-14 12:11 -------- d-----w- c:\documents and settings\Delbert Carr\Local Settings\Application Data\AVG Security Toolbar
2011-04-14 02:26 . 2011-04-14 02:28 -------- dc-h--w- c:\windows\ie8
2011-04-02 16:52 . 2011-04-02 16:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-04-02 14:03 . 2011-04-02 14:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-04-01 03:29 . 2011-04-01 03:29 -------- d-----w- c:\documents and settings\Delbert Carr\Application Data\SUPERAntiSpyware.com
2011-04-01 03:29 . 2011-04-01 03:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-01 03:27 . 2011-04-25 02:13 -------- d-----w- c:\program files\SUPERAntiSpyware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2008-04-14 22:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 22:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-03 04:40 . 2010-06-20 14:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 02:19 . 2008-02-22 10:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2008-04-14 22:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-03-18 17:53 . 2011-03-24 12:25 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-12-06 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-12-06 15:32 2735200 ----a-w- c:\program files\Zynga\tbZyn1.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2009-11-05 22:29 642752 ----a-w- c:\program files\kikin\ie_kikin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-12-06 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-12-06 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-29 68856]
"Starfield Updater"="c:\program files\Starfield\WorkspaceUpdate.exe" [2011-02-17 33984]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-25 2423752]
"Uniblue ProcessQuickLink 2"="c:\program files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" [2008-04-02 655640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-25 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-25 81920]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2009-02-03 13:22 1004544 ----a-w- c:\program files\Ares\Ares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2008-07-10 23:20 421888 ----a-w- c:\acer\Empowering Technology\eRecovery\eRAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-09 06:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-02-25 05:29 1626112 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTIM.exe]
2009-10-31 13:07 271688 ----a-w- c:\program files\WebEx\Productivity Tools\PTIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTOneClick]
2009-10-31 13:08 247112 ----a-w- c:\program files\WebEx\Productivity Tools\ptoneclk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-15 05:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-06-14 02:11 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-09-25 02:33 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3242:TCP"= 3242:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/28/2011 7:09 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/28/2011 7:09 PM 307288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/28/2011 7:09 PM 19544]
R2 File Backup;File Backup Service;c:\program files\Starfield\offSyncService.exe [7/16/2010 1:47 PM 1215216]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2011 6:02 AM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2011 6:02 AM 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-03 13:00]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-03 13:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
FF - ProfilePath - c:\documents and settings\Delbert Carr\Application Data\Mozilla\Firefox\Profiles\ehxjen98.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2566951&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-LaunchApp - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-29 22:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-04-29 22:28:25
ComboFix-quarantined-files.txt 2011-04-30 05:28
.
Pre-Run: 47,371,857,920 bytes free
Post-Run: 47,346,941,952 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - A8B0F264AD696A0831A8EAED140FCDEC
 
Okay- but please, when you get a log from a program, you should leave the entire log, not just the part you think I need. I will recheck for a rootkit again but there is some housekeeping for you to do:

1. Java: You have 5 versions of Java on the system. These are a vulnerability to the system. Running the program below will remove all of the Java entries and give you the link for the current version v6u25. Unfortunately, when Java is updated, it doesn't overwrite the previous version. So you have to go into Add/Remove Programs and uninstall there:
Please download JavaRa and unzip it to your desktop.

Important!***Please close any instances of Internet Explorer before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.
Note: I do not need to see this log- please don't leave it.

Then download and install the most current version and update of Java Runtime Environment (JRE) HERE.
=============================================
Please run this Custom CFScript:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
DDS::
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - c:\program files\kikin\ie_kikin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
uRun: [Uniblue ProcessQuickLink 2] "c:\program files\uniblue\processquicklink 2\ProcessQuickLink2.exe" /autostart
mRun: [LaunchApp] 
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"=-
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"=-
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"=-
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue ProcessQuickLink 2"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Note: I have removed some entries for programs that put your system at risk, or use the resources unnecessarily. They are:

  • kikin.com browser plugin. Kikin Inc is reportedly "an internet advertising company whose goal is to enhance a user's search experience without changing the user's search behavior" - comes bundled with third party software such as JDownloader and Audiograbber. You don't want anything that "comes bundled with...."! Check their Privacy Policy: http://www.kikin.com/privacy
  • Zynga: connect users socially through games. Through 2009 Zynga made money from lead generation advertising schemes, whereby game participants would earn game points by signing up for featured credit cards or video-rental services.
    "So I funded [Zynga] myself but I did every horrible thing in the book to, just to get revenues right away. I mean we gave our users poker chips if they downloaded this Zwinky toolbar which was like, I don't know, I downloaded it once and couldn't get rid of it. *laughs* We did anything possible just to just get revenues so that we could grow and be a real business."
    —Mark Pincus, Speech from Startup@Berkeley
  • Process Quick Link by Uniblue populates your Task Manager process list with links containing information about the various processes obtained from Uniblue's web site. Not required or not recommended - typically infrequently used tasks that can be started manually if necessary.
  • Ares: open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc.
==========================================
Please see next reply for additional information. You can leave the new log from Combofix in your next reply.
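As an added illustration of what the CFScript above is undoing (example code, not ComboFix's or this thread's own), the Python below parses ComboFix-style registry blocks like the ones in the posted log, flags the Security Center DisableMonitoring values, the Ares firewall exception and the Uniblue autorun entry, and renders the hits in the same Registry:: form the script uses. The sample log and the watch-lists are constructed from the entries discussed in this thread.

```python
"""Flag ComboFix log entries that weaken the host's security posture.

Added example, not ComboFix's or the thread's own code. The sample log and the
watch-lists are constructed from the entries the helper removed in this thread.
"""
import re
from dataclasses import dataclass

# Constructed from the helper's CFScript: programs whose entries were removed.
RISKY_FIREWALL_EXES = {"ares.exe"}                     # P2P client with a firewall exception
UNWANTED_VENDOR_DIRS = {"uniblue", "zynga", "kikin"}   # adware / bundled toolbars

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')

# Constructed sample in ComboFix's registry-block layout (raw string keeps the backslashes).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-29 68856]
"Uniblue ProcessQuickLink 2"="c:\program files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" [2008-04-02 655640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"""


@dataclass
class Finding:
    section: str   # registry key as printed by ComboFix
    name: str      # value name (or, for firewall exceptions, the escaped path)
    reason: str


def parse_registry_blocks(log_text):
    """Yield (section, name, value) for every "name"=value line under a [section] header."""
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates blocks with a lone dot
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and section:
            yield section, m.group("name"), m.group("value").strip()


def _exe_path(value):
    """Extract the quoted path from a Run value such as "c:\\x\\y.exe" [date size]."""
    m = re.match(r'^"([^"]+)"', value)
    return m.group(1) if m else value


def find_weak_settings(log_text):
    """Return Findings for the kinds of entries the helper in this thread treated as risky."""
    findings = []
    for section, name, value in parse_registry_blocks(log_text):
        sec = section.lower()
        if "security center\\monitoring" in sec and name.lower() == "disablemonitoring":
            # dword:00000001 silences Security Center's AV/firewall status alerts
            if value.lower() == "dword:00000001":
                findings.append(Finding(section, name, "Security Center monitoring disabled"))
        elif "firewallpolicy" in sec and "authorizedapplications" in sec:
            # Exception names are registry-escaped paths (doubled backslashes)
            exe = name.replace("\\\\", "\\").rsplit("\\", 1)[-1].lower()
            if exe in RISKY_FIREWALL_EXES:
                findings.append(Finding(section, name, "file-sharing client allowed through the firewall"))
        elif sec.endswith("\\currentversion\\run"):
            parts = _exe_path(value).lower().split("\\")
            if UNWANTED_VENDOR_DIRS.intersection(parts):
                findings.append(Finding(section, name, "autorun entry for adware/bundled software"))
    return findings


def to_cfscript(findings):
    """Render findings as a Registry:: stanza in the shape of the helper's CFScript ("name"=- deletes a value)."""
    lines = ["Registry::"]
    by_section = {}
    for f in findings:
        by_section.setdefault(f.section, []).append(f.name)
    for section, names in by_section.items():
        lines.append(f"[{section}]")
        lines.extend(f'"{name}"=-' for name in names)
    return "\n".join(lines)


if __name__ == "__main__":
    for f in find_weak_settings(SAMPLE_LOG):
        print(f"{f.reason}: {f.name}  ({f.section})")
    print(to_cfscript(find_weak_settings(SAMPLE_LOG)))
```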
 
When you have finished running Combofix, you can complete the uninstallation for the programs I stopped and remove their program folder.

Note: None of the following are malware. But adware, bundled software and file sharing put your system at risk. If you do not want to uninstall these programs, it is your choice.

Go to the Control Panel> Add/Remove Program> Uninstall these programs and any related entries:
Zynga
kikin
Uniblue Power Process QuickLink
Ares (Entries may also show Vuze)

===================================
After the uninstalls, use Windows Explorer to delete the program files:
Right click on the Taskbar> Select Explore> Click on My Computer> Double click on Local Drive (C)> Programs> Look for and do a right click> Delete on folder for each of the uninstalled programs
==================================
Reboot the computer. Let me know how the system is doing.
 
ComboFix 11-04-30.02 - Delbert Carr 04/30/2011 17:51:45.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.2343 [GMT -7:00]
Running from: h:\virus suit\ComboFix.exe
Command switches used :: c:\documents and settings\Delbert Carr\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\kikin\ie_kikin.dll
c:\program files\uniblue\processquicklink 2\ProcessQuickLink2.exe
c:\program files\zynga\tbZyn1.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-04-01 to 2011-05-01 )))))))))))))))))))))))))))))))
.
.
2011-04-30 10:09 . 2011-04-30 10:09 -------- d-----w- c:\windows\ServicePackFiles
2011-04-30 00:49 . 2011-04-30 00:49 -------- d-----w- C:\TDSSKiller_Quarantine
2011-04-29 04:52 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-29 04:52 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-29 02:09 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-29 02:09 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-29 02:09 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-29 02:09 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-29 02:09 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-29 02:09 . 2011-04-18 17:16 102488 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-04-29 02:09 . 2011-04-18 17:16 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-04-29 02:09 . 2011-04-18 17:13 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-04-29 02:08 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
2011-04-29 02:08 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-29 02:08 . 2011-04-29 02:08 -------- d-----w- c:\program files\AVAST Software
2011-04-29 02:08 . 2011-04-29 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-04-26 13:31 . 2011-04-26 13:31 -------- d-----w- c:\documents and settings\Delbert Carr\Local Settings\Application Data\PackageAware
2011-04-26 12:07 . 2011-04-26 13:36 -------- d-----w- c:\program files\Uniblue
2011-04-24 17:11 . 2011-04-24 17:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-04-24 14:17 . 2011-04-24 14:17 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-17 01:27 . 2011-04-17 01:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2011-04-16 01:44 . 2011-04-30 00:40 -------- d-----w- c:\windows\system32\drivers\AVG
2011-04-14 12:32 . 2011-04-24 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-04-14 12:11 . 2011-04-14 12:11 -------- d-----w- c:\documents and settings\Delbert Carr\Local Settings\Application Data\AVG Security Toolbar
2011-04-14 02:26 . 2011-04-14 02:28 -------- dc-h--w- c:\windows\ie8
2011-04-02 16:52 . 2011-04-02 16:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-04-02 14:03 . 2011-04-02 14:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-04-01 03:29 . 2011-04-01 03:29 -------- d-----w- c:\documents and settings\Delbert Carr\Application Data\SUPERAntiSpyware.com
2011-04-01 03:29 . 2011-04-01 03:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-01 03:27 . 2011-04-25 02:13 -------- d-----w- c:\program files\SUPERAntiSpyware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-01 00:37 . 2010-06-20 14:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-01 00:37 . 2008-02-22 10:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-07 05:33 . 2008-04-14 22:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2008-04-14 22:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2008-04-14 22:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2007-08-14 02:54 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2007-08-14 02:45 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 23:06 . 2007-08-14 02:44 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 11:41 . 2008-04-14 22:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2008-04-14 22:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2008-04-14 22:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-15 08:30 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2008-04-14 22:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2008-04-14 22:00 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53 . 2008-04-14 22:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 22:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2008-04-14 22:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2008-04-14 22:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2008-04-14 22:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-03-18 17:53 . 2011-03-24 12:25 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-30_05.20.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-01 00:37 . 2011-05-01 00:37 16384 c:\windows\Temp\Perflib_Perfdata_ad8.dat
- 2008-10-29 01:34 . 2011-04-30 04:56 71732 c:\windows\system32\perfc009.dat
+ 2008-10-29 01:34 . 2011-05-01 00:32 71732 c:\windows\system32\perfc009.dat
+ 2007-08-14 02:54 . 2011-02-22 23:06 66560 c:\windows\system32\mshtmled.dll
- 2007-08-14 02:54 . 2009-03-08 11:31 66560 c:\windows\system32\mshtmled.dll
+ 2007-08-14 02:54 . 2011-02-22 23:06 55296 c:\windows\system32\msfeedsbs.dll
- 2007-08-14 02:54 . 2009-03-08 11:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-14 02:54 . 2011-02-22 23:06 25600 c:\windows\system32\jsproxy.dll
- 2007-08-14 02:54 . 2009-03-08 11:33 25600 c:\windows\system32\jsproxy.dll
- 2008-04-14 22:00 . 2008-04-14 22:00 45568 c:\windows\system32\dnsrslvr.dll
+ 2008-04-14 22:00 . 2009-04-20 17:17 45568 c:\windows\system32\dnsrslvr.dll
+ 2009-06-10 08:12 . 2011-02-22 23:06 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-10 08:12 . 2010-12-20 23:59 12800 c:\windows\system32\dllcache\xpshims.dll
- 2007-08-14 02:54 . 2009-03-08 11:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-08-14 02:54 . 2011-02-22 23:06 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-07-28 22:21 . 2011-02-22 23:06 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-07-28 22:21 . 2010-12-20 23:59 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-08-14 02:44 . 2011-02-22 23:06 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2007-08-14 02:54 . 2011-02-22 23:06 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2007-08-14 02:54 . 2009-03-08 11:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-04-14 22:00 . 2009-04-20 17:17 45568 c:\windows\system32\dllcache\dnsrslvr.dll
- 2008-04-14 22:00 . 2008-04-14 22:00 45568 c:\windows\system32\dllcache\dnsrslvr.dll
+ 2011-04-30 10:01 . 2011-04-30 10:01 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2010-11-10 10:03 . 2010-11-10 10:03 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2011-04-30 10:01 . 2011-04-30 10:01 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-11-10 10:03 . 2010-11-10 10:03 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-09-01 04:50 . 2011-04-30 10:08 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-09-01 04:50 . 2011-03-08 10:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-04-30 10:07 . 2009-03-08 11:33 12288 c:\windows\ie8updates\KB2497640-IE8\xpshims.dll
+ 2011-04-30 10:07 . 2009-03-08 11:31 66560 c:\windows\ie8updates\KB2497640-IE8\mshtmled.dll
+ 2011-04-30 10:07 . 2009-03-08 11:31 55296 c:\windows\ie8updates\KB2497640-IE8\msfeedsbs.dll
+ 2011-04-30 10:07 . 2009-03-08 11:34 43008 c:\windows\ie8updates\KB2497640-IE8\licmgr10.dll
+ 2011-04-30 10:07 . 2009-03-08 11:33 25600 c:\windows\ie8updates\KB2497640-IE8\jsproxy.dll
+ 2011-04-30 10:10 . 2011-04-30 10:10 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\368187bcb570d202a019fc7c53b1df4c\UIAutomationProvider.ni.dll
+ 2011-04-30 10:15 . 2011-04-30 10:15 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\3f621b90371e67197bd4d0b86aa6f21d\System.Windows.Presentation.ni.dll
+ 2011-04-30 10:15 . 2011-04-30 10:15 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\577b049541803541e6b00e2c36c00852\System.Web.DynamicData.Design.ni.dll
+ 2011-04-30 10:13 . 2011-04-30 10:13 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\636ed65b7e5481320e3010b78a5e6cfa\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-04-30 10:13 . 2011-04-30 10:13 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f83b1e8dd8c90490c8d924826c8b107d\System.AddIn.Contract.ni.dll
+ 2011-04-30 10:08 . 2011-04-30 10:08 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2740ba673b1040f1995f13c6044da64c\PresentationFontCache.ni.exe
+ 2011-04-30 10:07 . 2011-04-30 10:07 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\8514e7de63d46b6f8232ef70d93a1650\PresentationCFFRasterizer.ni.dll
+ 2011-04-30 10:14 . 2011-04-30 10:14 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\108426b4dc654100c9a99bfa71f69886\Microsoft.Vsa.ni.dll
+ 2011-04-30 10:12 . 2011-04-30 10:12 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\8905268997c77a27c7f9c54aeba37f24\Microsoft.Build.Framework.ni.dll
+ 2011-04-30 10:13 . 2011-04-30 10:13 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\11bb8ef375848eb1c074da1afd5cecdc\Microsoft.Build.Framework.ni.dll
+ 2011-04-30 10:12 . 2011-04-30 10:12 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\6d74b9308a1517bfe959e597c3dd2427\dfsvc.ni.exe
+ 2011-04-30 10:12 . 2011-04-30 10:12 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\fdf7f1404f4a5c7f5a0463d8e7a442e4\Accessibility.ni.dll
+ 2011-04-30 10:03 . 2011-04-30 10:03 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-04-30 10:03 . 2011-04-30 10:03 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-04-30 10:04 . 2011-04-30 10:04 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-04-30 10:03 . 2011-04-30 10:03 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-04-30 10:04 . 2011-04-30 10:04 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-04-30 10:04 . 2011-04-30 10:04 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-04-30 10:04 . 2011-04-30 10:04 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-04-30 10:04 . 2011-04-30 10:04 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-04-30 10:03 . 2011-04-30 10:03 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-04-30 10:03 . 2011-04-30 10:03 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-04-30 10:03 . 2011-04-30 10:03 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-04-30 10:03 . 2011-04-30 10:03 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-04-30 10:03 . 2011-04-30 10:03 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-04-30 10:03 . 2011-04-30 10:03 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-04-30 10:03 . 2011-04-30 10:03 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-04-30 10:04 . 2011-04-30 10:04 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-10-08 10:03 . 2010-10-08 10:03 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-04-30 10:03 . 2011-04-30 10:03 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-04-30 10:03 . 2011-04-30 10:03 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-04-30 10:04 . 2011-04-30 10:04 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-04-30 10:04 . 2011-04-30 10:04 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-10-29 01:34 . 2011-05-01 00:32 442466 c:\windows\system32\perfh009.dat
- 2008-10-29 01:34 . 2011-04-30 04:56 442466 c:\windows\system32\perfh009.dat
+ 2007-08-14 02:44 . 2011-02-22 23:06 206848 c:\windows\system32\occache.dll
+ 2008-04-14 22:00 . 2008-06-20 16:02 245248 c:\windows\system32\mswsock.dll
- 2008-04-14 22:00 . 2008-06-20 17:46 245248 c:\windows\system32\mswsock.dll
+ 2007-08-14 02:54 . 2011-02-22 23:06 611840 c:\windows\system32\mstime.dll
- 2007-08-14 02:54 . 2009-03-08 11:32 611840 c:\windows\system32\mstime.dll
+ 2007-08-14 02:54 . 2011-02-22 23:06 602112 c:\windows\system32\msfeeds.dll
+ 2008-04-14 22:00 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll
- 2008-04-14 22:00 . 2009-03-08 11:33 726528 c:\windows\system32\jscript.dll
+ 2011-05-01 00:37 . 2011-05-01 00:37 157472 c:\windows\system32\javaws.exe
- 2011-03-23 02:11 . 2011-02-03 04:40 157472 c:\windows\system32\javaws.exe
+ 2011-05-01 00:37 . 2011-05-01 00:37 145184 c:\windows\system32\javaw.exe
- 2011-03-23 02:11 . 2011-02-03 04:40 145184 c:\windows\system32\javaw.exe
+ 2011-05-01 00:37 . 2011-05-01 00:37 145184 c:\windows\system32\java.exe
- 2011-03-23 02:11 . 2011-02-03 04:40 145184 c:\windows\system32\java.exe
+ 2007-08-14 02:54 . 2011-02-22 23:06 184320 c:\windows\system32\iepeers.dll
+ 2007-08-14 02:39 . 2011-02-22 23:06 387584 c:\windows\system32\iedkcs32.dll
+ 2007-08-14 02:39 . 2011-02-18 11:49 173568 c:\windows\system32\ie4uinit.exe
+ 2008-10-29 01:24 . 2011-04-30 10:25 272576 c:\windows\system32\FNTCACHE.DAT
- 2008-10-29 01:24 . 2011-02-10 01:30 272576 c:\windows\system32\FNTCACHE.DAT
+ 2008-04-14 22:00 . 2008-10-16 14:43 138496 c:\windows\system32\drivers\afd.sys
- 2008-04-14 22:00 . 2008-08-14 10:04 138496 c:\windows\system32\drivers\afd.sys
+ 2008-04-14 22:00 . 2011-03-03 06:55 149504 c:\windows\system32\dnsapi.dll
+ 2007-08-14 02:54 . 2011-02-22 23:06 916480 c:\windows\system32\dllcache\wininet.dll
+ 2008-04-14 22:00 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll
+ 2008-04-14 22:00 . 2011-02-17 13:18 357888 c:\windows\system32\dllcache\srv.sys
+ 2007-08-14 02:44 . 2011-02-22 23:06 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-04-14 22:00 . 2008-06-20 16:02 245248 c:\windows\system32\dllcache\mswsock.dll
- 2008-04-14 22:00 . 2008-06-20 17:46 245248 c:\windows\system32\dllcache\mswsock.dll
- 2007-08-14 02:54 . 2009-03-08 11:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-08-14 02:54 . 2011-02-22 23:06 611840 c:\windows\system32\dllcache\mstime.dll
- 2009-07-28 22:21 . 2010-12-20 23:59 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-07-28 22:21 . 2011-02-22 23:06 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-04-04 03:26 . 2011-02-17 13:18 455936 c:\windows\system32\dllcache\mrxsmb.sys
- 2008-04-14 22:00 . 2010-09-18 19:23 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2008-04-14 22:00 . 2011-02-08 13:33 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2008-04-14 22:00 . 2011-02-08 13:33 978944 c:\windows\system32\dllcache\mfc42.dll
- 2008-04-14 22:00 . 2009-03-08 11:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2008-04-14 22:00 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll
- 2008-04-14 22:00 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2008-04-14 22:00 . 2011-03-07 05:33 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2009-06-10 08:12 . 2010-12-20 23:59 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-06-10 08:12 . 2011-02-22 23:06 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2007-08-14 02:54 . 2011-02-22 23:06 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-11 20:25 . 2011-02-22 23:06 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-11 20:25 . 2010-12-20 23:59 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2007-08-14 02:39 . 2011-02-22 23:06 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-14 02:39 . 2011-02-18 11:49 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-04-14 22:00 . 2011-02-11 13:25 229888 c:\windows\system32\dllcache\fxscover.exe
+ 2008-04-14 22:00 . 2011-03-03 06:55 149504 c:\windows\system32\dllcache\dnsapi.dll
+ 2008-04-14 22:00 . 2011-02-15 12:56 290432 c:\windows\system32\dllcache\atmfd.dll
- 2008-04-14 22:00 . 2008-08-14 10:04 138496 c:\windows\system32\dllcache\afd.sys
+ 2008-04-14 22:00 . 2008-10-16 14:43 138496 c:\windows\system32\dllcache\afd.sys
+ 2011-02-11 13:25 . 2011-02-11 13:25 229888 c:\windows\ServicePackFiles\ServicePackCache\i386\fxscover.exe
- 2010-05-11 13:40 . 2010-05-11 13:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-01-18 11:39 . 2011-01-18 11:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-01-18 11:39 . 2011-01-18 11:39 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-01-18 11:39 . 2011-01-18 11:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2010-05-11 13:40 . 2010-05-11 13:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-05-01 00:39 . 2011-05-01 00:39 180224 c:\windows\Installer\7bf10.msi
+ 2011-05-01 00:37 . 2011-05-01 00:37 675840 c:\windows\Installer\7bf00.msi
+ 2011-04-30 10:00 . 2009-03-08 11:33 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
+ 2011-04-30 10:00 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
+ 2011-04-30 10:00 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
+ 2011-04-30 10:00 . 2009-03-08 11:33 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
+ 2011-04-30 10:07 . 2009-03-08 11:34 914944 c:\windows\ie8updates\KB2497640-IE8\wininet.dll
+ 2011-04-30 10:07 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2497640-IE8\spuninst\updspapi.dll
+ 2011-04-30 10:07 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2497640-IE8\spuninst\spuninst.exe
+ 2011-04-30 10:07 . 2009-03-08 11:34 109568 c:\windows\ie8updates\KB2497640-IE8\occache.dll
+ 2011-04-30 10:07 . 2009-03-08 11:32 611840 c:\windows\ie8updates\KB2497640-IE8\mstime.dll
+ 2011-04-30 10:07 . 2009-03-08 11:32 594432 c:\windows\ie8updates\KB2497640-IE8\msfeeds.dll
+ 2011-04-30 10:07 . 2009-03-08 11:33 246784 c:\windows\ie8updates\KB2497640-IE8\ieproxy.dll
+ 2011-04-30 10:07 . 2009-03-08 11:31 183808 c:\windows\ie8updates\KB2497640-IE8\iepeers.dll
+ 2011-04-30 10:07 . 2009-03-08 11:35 742912 c:\windows\ie8updates\KB2497640-IE8\iedvtool.dll
+ 2011-04-30 10:07 . 2009-03-08 21:09 391536 c:\windows\ie8updates\KB2497640-IE8\iedkcs32.dll
+ 2011-04-30 10:07 . 2009-03-08 11:32 173056 c:\windows\ie8updates\KB2497640-IE8\ie4uinit.exe
+ 2011-04-30 10:12 . 2011-04-30 10:12 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\95de80b860252231b46014f58226e473\WsatConfig.ni.exe
+ 2011-04-30 10:10 . 2011-04-30 10:10 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\715710f5a31a494ed5c0ec0874dafe3e\WindowsFormsIntegration.ni.dll
+ 2011-04-30 10:10 . 2011-04-30 10:10 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\017be0e6c5f1810f15a696157cd5e2c2\UIAutomationTypes.ni.dll
+ 2011-04-30 10:10 . 2011-04-30 10:10 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\bec5b0a93df12eb26c02c877a4eae678\UIAutomationClient.ni.dll
+ 2011-04-30 10:15 . 2011-04-30 10:15 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\3d8f787002439f4942c33f376cfd8555\System.Xml.Linq.ni.dll
+ 2011-04-30 10:15 . 2011-04-30 10:15 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\4b746fea8062a10ccc6e5331914e7dad\System.Web.Routing.ni.dll
+ 2011-04-30 10:15 . 2011-04-30 10:15 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\103956fdb019bce8a173fe9cb9da3e02\System.Web.RegularExpressions.ni.dll
+ 2011-04-30 10:15 . 2011-04-30 10:15 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c0a156fbf46ad272ac262e45eaa998f4\System.Web.Extensions.Design.ni.dll
+ 2011-04-30 10:15 . 2011-04-30 10:15 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\e3651e13567ce4e3fa7bb2fbab737d9a\System.Web.Entity.ni.dll
+ 2011-04-30 10:15 . 2011-04-30 10:15 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\834d7769f39e4d937eda1ad3707d4716\System.Web.Entity.Design.ni.dll
+ 2011-04-30 10:15 . 2011-04-30 10:15 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\032c96c6206b53bca122d1fbaf5f8ca2\System.Web.DynamicData.ni.dll
+ 2011-04-30 10:15 . 2011-04-30 10:15 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6ce0e4fb33afcfcce43c427e82b987db\System.Web.Abstractions.ni.dll
+ 2011-04-30 10:14 . 2011-04-30 10:14 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\990d96810a21e0fa95f916ffc66f3a94\System.Transactions.ni.dll
+ 2011-04-30 10:14 . 2011-04-30 10:14 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e0d56c0582316e9ecb4c18186e37217c\System.ServiceProcess.ni.dll
+ 2011-04-30 10:13 . 2011-04-30 10:13 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\9e91cca51a5ed6fb13b67558109d2726\System.Security.ni.dll
+ 2011-04-30 10:14 . 2011-04-30 10:14 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\fa6a58394a1f162eecce4cd8af0875c3\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-04-30 10:14 . 2011-04-30 10:14 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\6194eb4bc1e0133d0183d086b747f512\System.Net.ni.dll
+ 2011-04-30 10:14 . 2011-04-30 10:14 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\042658de519bb1e22ec5925092061892\System.Management.ni.dll
+ 2011-04-30 10:14 . 2011-04-30 10:14 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\d6ae8171ae6fd4fe83add34e6d70e5b5\System.Management.Instrumentation.ni.dll
+ 2011-04-30 10:12 . 2011-04-30 10:12 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\abd5a61d39e474f12b30ccbbe6277667\System.IO.Log.ni.dll
+ 2011-04-30 10:12 . 2011-04-30 10:12 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\12c4dba6d4ff0278d208c283d9ed7670\System.IdentityModel.Selectors.ni.dll
+ 2011-04-30 10:14 . 2011-04-30 10:14 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff5c7a52497d892f3a3206384d46b5e7\System.EnterpriseServices.Wrapper.dll
+ 2011-04-30 10:14 . 2011-04-30 10:14 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff5c7a52497d892f3a3206384d46b5e7\System.EnterpriseServices.ni.dll
+ 2011-04-30 10:10 . 2011-04-30 10:10 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e6b7128278d8c0e8382a5685f5b196c6\System.Drawing.Design.ni.dll
+ 2011-04-30 10:14 . 2011-04-30 10:14 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8ef56bf47fc2fc4204e0fcc1f32bab01\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-04-30 10:14 . 2011-04-30 10:14 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\447d7b4a7d0add13f8d2086088bcc41c\System.DirectoryServices.Protocols.ni.dll
+ 2011-04-30 10:14 . 2011-04-30 10:14 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ce2afe8854ee9cdc834b6f392348c882\System.Data.Services.Design.ni.dll
+ 2011-04-30 10:14 . 2011-04-30 10:14 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\03d4658290e300e437e745ef4a613b59\System.Data.Services.Client.ni.dll
+ 2011-04-30 10:14 . 2011-04-30 10:14 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\7ce21a2855bb7731de4dab797e69f3f6\System.Data.Entity.Design.ni.dll
+ 2011-04-30 10:13 . 2011-04-30 10:13 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\ea57694aea47c05853516c9bb2ad54b4\System.Data.DataSetExtensions.ni.dll
+ 2011-04-30 10:13 . 2011-04-30 10:13 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d6b4509225efde2a4e3db77205f8a51\System.Configuration.ni.dll
+ 2011-04-30 10:14 . 2011-04-30 10:14 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f312bb844670ebc7458fec9e6b2568b3\System.Configuration.Install.ni.dll
+ 2011-04-30 10:13 . 2011-04-30 10:13 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\afd9595f07a8c68b26e81cf995957f56\System.AddIn.ni.dll
+ 2011-04-30 10:12 . 2011-04-30 10:12 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\3a42b2fbafe93d7b9395e328bea35afa\SMSvcHost.ni.exe
+ 2011-04-30 10:12 . 2011-04-30 10:12 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\97ff96d3fc8d0b10ea294f320acf821e\SMDiagnostics.ni.dll
+ 2011-04-30 10:12 . 2011-04-30 10:12 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\28ed0e9efd938b05b4f53e0d90046701\ServiceModelReg.ni.exe
+ 2011-04-30 10:09 . 2011-04-30 10:09 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ffe13679e6b3e36e5cb6c47f8c4faf9c\PresentationFramework.Aero.ni.dll
+ 2011-04-30 10:09 . 2011-04-30 10:09 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dbb40299379f2009c140ddadb04231b4\PresentationFramework.Classic.ni.dll
+ 2011-04-30 10:09 . 2011-04-30 10:09 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a34cd33cec1bdfebe4a3910bceb8723b\PresentationFramework.Royale.ni.dll
+ 2011-04-30 10:09 . 2011-04-30 10:09 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\689bb394bcb437ed085c22a43aba30c6\PresentationFramework.Luna.ni.dll
+ 2011-04-30 10:12 . 2011-04-30 10:12 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5670e74887ef1025c6a8c056ffe86b38\MSBuild.ni.exe
+ 2011-04-30 10:12 . 2011-04-30 10:12 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\653732002ebf5c68f69150a60e145e6a\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-04-30 10:13 . 2011-04-30 10:13 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\cc62770393640302bd4d7e442b1e49a4\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-04-30 10:13 . 2011-04-30 10:13 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\352bff1ee71ce114e225f849038dc48d\Microsoft.Build.Utilities.ni.dll
+ 2011-04-30 10:13 . 2011-04-30 10:13 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\7345f4d2d7157bf49de4158e8f2b6847\Microsoft.Build.Engine.ni.dll
+ 2011-04-30 10:13 . 2011-04-30 10:13 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\d7dba901ddd410ca1a0156d0f2a27533\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-04-30 10:13 . 2011-04-30 10:13 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\010552e529d130ce914765b0801e2367\CustomMarshalers.ni.dll
+ 2011-04-30 10:12 . 2011-04-30 10:12 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\6861f639b13967e9b014b44bbb7c5d4c\ComSvcConfig.ni.exe
+ 2011-04-30 10:12 . 2011-04-30 10:12 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\800da7dec567fadf3392091e9f01ecb9\AspNetMMCExt.ni.dll
+ 2011-04-30 10:03 . 2011-04-30 10:03 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-04-30 10:03 . 2011-04-30 10:03 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-04-30 10:03 . 2011-04-30 10:03 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-04-30 10:04 . 2011-04-30 10:04 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-04-30 10:04 . 2011-04-30 10:04 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-04-30 10:04 . 2011-04-30 10:04 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-04-30 10:04 . 2011-04-30 10:04 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-04-30 10:04 . 2011-04-30 10:04 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-04-30 10:04 . 2011-04-30 10:04 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-04-30 10:04 . 2011-04-30 10:04 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-04-30 10:03 . 2011-04-30 10:03 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-04-30 10:04 . 2011-04-30 10:04 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-04-30 10:04 . 2011-04-30 10:04 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-04-30 10:04 . 2011-04-30 10:04 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-04-30 10:04 . 2011-04-30 10:04 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-04-30 10:03 . 2011-04-30 10:03 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-04-30 10:03 . 2011-04-30 10:03 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-04-30 10:03 . 2011-04-30 10:03 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-04-30 10:03 . 2011-04-30 10:03 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-04-30 10:04 . 2011-04-30 10:04 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-04-30 10:04 . 2011-04-30 10:04 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-04-30 10:03 . 2011-04-30 10:03 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-04-30 10:04 . 2011-04-30 10:04 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-04-30 10:04 . 2011-04-30 10:04 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-04-30 10:04 . 2011-04-30 10:04 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-04-30 10:04 . 2011-04-30 10:04 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-04-30 05:55 . 2010-10-23 00:51 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
+ 2007-08-14 02:54 . 2011-02-22 23:06 1210880 c:\windows\system32\urlmon.dll
+ 2007-08-14 02:54 . 2011-02-22 23:06 5962240 c:\windows\system32\mshtml.dll
+ 2007-08-14 02:34 . 2011-02-22 23:06 1991680 c:\windows\system32\iertutil.dll
+ 2008-04-14 22:00 . 2011-03-03 13:21 1857920 c:\windows\system32\dllcache\win32k.sys
+ 2007-08-14 02:54 . 2011-02-22 23:06 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2007-08-14 02:54 . 2011-02-22 23:06 5962240 c:\windows\system32\dllcache\mshtml.dll
+ 2009-06-10 08:12 . 2011-02-22 23:06 1991680 c:\windows\system32\dllcache\iertutil.dll
- 2009-06-10 08:12 . 2010-12-20 23:59 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2011-01-18 11:39 . 2011-01-18 11:39 5813072 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-01-18 11:39 . 2011-01-18 11:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2010-05-11 13:40 . 2010-05-11 13:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2010-11-21 06:34 . 2010-11-21 06:34 1198080 c:\windows\Installer\11aaf76.msp
+ 2011-03-18 03:01 . 2011-03-18 03:01 9563648 c:\windows\Installer\11aaf68.msp
+ 2011-01-12 00:50 . 2011-01-12 00:50 8177152 c:\windows\Installer\11aaf5f.msp
+ 2010-11-21 06:33 . 2010-11-21 06:33 1980928 c:\windows\Installer\11aaf56.msp
+ 2011-04-30 10:07 . 2009-03-08 11:34 1206784 c:\windows\ie8updates\KB2497640-IE8\urlmon.dll
+ 2011-04-30 10:07 . 2009-03-08 11:41 5937152 c:\windows\ie8updates\KB2497640-IE8\mshtml.dll
+ 2011-04-30 10:07 . 2009-03-08 11:32 1985024 c:\windows\ie8updates\KB2497640-IE8\iertutil.dll
+ 2011-04-30 10:07 . 2011-04-30 10:07 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\76e431fde1b252312b331f7108259fda\WindowsBase.ni.dll
+ 2011-04-30 10:10 . 2011-04-30 10:10 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\9e022c95e79f2b6f383a501ad99f08a9\UIAutomationClientsideProviders.ni.dll
+ 2011-04-30 10:06 . 2011-04-30 10:06 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll
+ 2011-04-30 10:10 . 2011-04-30 10:10 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll
+ 2011-04-30 10:15 . 2011-04-30 10:15 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\6346221cecf631e5c0b754d842aad102\System.WorkflowServices.ni.dll
+ 2011-04-30 10:15 . 2011-04-30 10:15 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\1fbcd203ff8d77d561df8bf806417ab6\System.Workflow.Runtime.ni.dll
+ 2011-04-30 10:15 . 2011-04-30 10:15 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\efbaf3696c44fd7d4b3cd925e0437b36\System.Workflow.ComponentModel.ni.dll
+ 2011-04-30 10:15 . 2011-04-30 10:15 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\52a9bc5dd1fa497af7c7f4600bd8e6d1\System.Workflow.Activities.ni.dll
+ 2011-04-30 10:15 . 2011-04-30 10:15 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f5ebeeb0a8aaba9db15ec3df591339ba\System.Web.Services.ni.dll
+ 2011-04-30 10:15 . 2011-04-30 10:15 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\92d6b75e3b63b528d4069bf4ee01983a\System.Web.Mobile.ni.dll
+ 2011-04-30 10:15 . 2011-04-30 10:15 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\02d53154634c8000382942e0f43ead41\System.Web.Extensions.ni.dll
+ 2011-04-30 10:10 . 2011-04-30 10:10 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\dd128c8e21e7fa14c12b71df9892d046\System.Speech.ni.dll
+ 2011-04-30 10:14 . 2011-04-30 10:14 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8b0bb430bb6af96c18b43e3c54cfafe8\System.ServiceModel.Web.ni.dll
+ 2011-04-30 10:12 . 2011-04-30 10:12 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\85090bd451617e204ffda625b8d9fc30\System.Runtime.Serialization.ni.dll
+ 2011-04-30 10:10 . 2011-04-30 10:10 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\85a7a7aace114e78fc6c9b219bcd5551\System.Printing.ni.dll
+ 2011-04-30 10:12 . 2011-04-30 10:12 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\86c59378e9a43bf101a10ad452a4bb8e\System.IdentityModel.ni.dll
+ 2011-04-30 10:10 . 2011-04-30 10:10 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d912066086a59f09424c7c69f95e2c55\System.Drawing.ni.dll
+ 2011-04-30 10:14 . 2011-04-30 10:14 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c05d9332116964104c721e97f7ce1058\System.DirectoryServices.ni.dll
+ 2011-04-30 10:14 . 2011-04-30 10:14 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\0118c0c73ea5c77bda7b10b188102ab6\System.Deployment.ni.dll
+ 2011-04-30 10:09 . 2011-04-30 10:09 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\1337829e3df6888464a17aab78bb9b8f\System.Data.ni.dll
+ 2011-04-30 10:13 . 2011-04-30 10:13 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ba3ca7a93e227c32ce7b50d0a7ba935f\System.Data.SqlXml.ni.dll
+ 2011-04-30 10:14 . 2011-04-30 10:14 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\2de52be5da96059651b5bec800cb4605\System.Data.Services.ni.dll
+ 2011-04-30 10:09 . 2011-04-30 10:09 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\11f1306e0e311a0d0cbd139fb2fa4c36\System.Data.Linq.ni.dll
+ 2011-04-30 10:14 . 2011-04-30 10:14 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\c91e83e85c030bc914ecc302fa9b2c60\System.Data.Entity.ni.dll
+ 2011-04-30 10:09 . 2011-04-30 10:09 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\684fe21837d3cf3e5935bbd0a7f53141\System.Core.ni.dll
+ 2011-04-30 10:09 . 2011-04-30 10:09 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\12efddabe6fe35be21246c88ed9bf8ab\ReachFramework.ni.dll
+ 2011-04-30 10:09 . 2011-04-30 10:09 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\257c9327ba9cc5cd87f58de224aa2e0d\PresentationUI.ni.dll
+ 2011-04-30 10:07 . 2011-04-30 10:07 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b117bf63daa7e587f1bb2d975dccb4af\PresentationBuildTasks.ni.dll
+ 2011-04-30 10:13 . 2011-04-30 10:13 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\269103939243ec6929739c8b9a645c0d\Microsoft.VisualBasic.ni.dll
+ 2011-04-30 10:12 . 2011-04-30 10:12 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\bf7bd26d2828e35156814018939ce4f6\Microsoft.Transactions.Bridge.ni.dll
+ 2011-04-30 10:14 . 2011-04-30 10:14 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\6594c17d7e112b0507b701d5b8a67bba\Microsoft.JScript.ni.dll
+ 2011-04-30 10:13 . 2011-04-30 10:13 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\f5eb1e42ccd0f67f7496b94a31949cd0\Microsoft.Build.Tasks.ni.dll
+ 2011-04-30 10:13 . 2011-04-30 10:13 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\cc7f05675a5cd8014222be1483d6beaf\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-04-30 10:12 . 2011-04-30 10:12 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\41cf95aa4ff5765b515d3252abc6353b\Microsoft.Build.Engine.ni.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-04-30 10:04 . 2011-04-30 10:04 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-04-30 10:04 . 2011-04-30 10:04 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-04-30 10:03 . 2011-04-30 10:03 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-04-30 10:03 . 2011-04-30 10:03 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-04-30 10:03 . 2011-04-30 10:03 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-04-30 10:04 . 2011-04-30 10:04 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-10-08 10:03 . 2010-10-08 10:03 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-04-30 10:04 . 2011-04-30 10:04 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-04-04 06:30 . 2011-04-30 10:05 42181064 c:\windows\system32\MRT.exe
+ 2007-08-14 02:54 . 2011-02-22 23:06 11080704 c:\windows\system32\ieframe.dll
- 2009-06-10 08:12 . 2010-12-21 12:29 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2009-06-10 08:12 . 2011-02-22 23:06 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2011-04-30 10:07 . 2011-04-30 10:07 20314624 c:\windows\Installer\11aaf93.msp
+ 2011-02-12 03:47 . 2011-02-12 03:47 12028928 c:\windows\Installer\11aaf87.msp
+ 2011-04-30 10:07 . 2009-03-08 11:39 11063808 c:\windows\ie8updates\KB2497640-IE8\ieframe.dll
+ 2011-04-30 10:10 . 2011-04-30 10:10 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ed2bf0d86229128c194a872f70fe15ee\System.Windows.Forms.ni.dll
+ 2011-04-30 10:15 . 2011-04-30 10:15 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d7b7ee04166212533ae21eaeb584fb0d\System.Web.ni.dll
+ 2011-04-30 10:12 . 2011-04-30 10:12 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b5f24d96334ea08b99350421450d3ba4\System.ServiceModel.ni.dll
+ 2011-04-30 10:10 . 2011-04-30 10:10 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\5aeadb9ff9a86f49130de5976a9f1744\System.Design.ni.dll
+ 2011-04-30 10:09 . 2011-04-30 10:09 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1a5d89d569e2e12842daf4d87c57361a\PresentationFramework.ni.dll
+ 2011-04-30 10:08 . 2011-04-30 10:08 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\46c57d845e55232a89e98101075cd455\PresentationCore.ni.dll
+ 2011-04-30 10:05 . 2011-04-30 10:05 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-29 68856]
"Starfield Updater"="c:\program files\Starfield\WorkspaceUpdate.exe" [2011-02-17 33984]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-25 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-25 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-25 81920]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2009-02-03 13:22 1004544 ----a-w- c:\program files\Ares\Ares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2008-07-10 23:20 421888 ----a-w- c:\acer\Empowering Technology\eRecovery\eRAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-09 06:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-02-25 05:29 1626112 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTIM.exe]
2009-10-31 13:07 271688 ----a-w- c:\program files\WebEx\Productivity Tools\PTIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTOneClick]
2009-10-31 13:08 247112 ----a-w- c:\program files\WebEx\Productivity Tools\ptoneclk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-15 05:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-06-14 02:11 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-09-25 02:33 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3242:TCP"= 3242:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/28/2011 7:09 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/28/2011 7:09 PM 307288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/28/2011 7:09 PM 19544]
R2 File Backup;File Backup Service;c:\program files\Starfield\offSyncService.exe [7/16/2010 1:47 PM 1215216]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2011 6:02 AM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2011 6:02 AM 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-03 13:00]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-03 13:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
FF - ProfilePath - c:\documents and settings\Delbert Carr\Application Data\Mozilla\Firefox\Profiles\ehxjen98.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2566951&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-30 18:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-04-30 18:05:44
ComboFix-quarantined-files.txt 2011-05-01 01:05
ComboFix2.txt 2011-04-30 05:28
.
Pre-Run: 46,334,427,136 bytes free
Post-Run: 46,355,738,624 bytes free
.
- - End Of File - - 7CC114C756614C6146ECD8762E1673B8
 
Question please: You will have had to remove AVG to run Combofix and are now protected by Avast. Do you plan on putting AVG back on the system or keeping Avast instead?
 
Actually, I am really happy with Avast so far! I will not be putting AVG back on.
I have a question too. From the last log does my system look clean now? It is running 200% better, that is for sure, but my Windows Update still popped up on the task tray then disappeared before I could click to install the updates. HP Solution Center also pops up when I restart to tell me that I do not have the latest Adobe Flash Player, which I believe to be incorrect. These may just be settings that need to be fixed but let me know what you think. You are awesome and I am just amazed that you guys do this for free for people! I wish I knew more about helping people so I could give back a little!
 
I'm glad to hear you're keeping Avast. I think that's a wise decision. I put the remaining AVG entries in the script, to be removed.

Please run this Custom CFScript:

  • Close any open browsers.
  • Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
  • Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
KillAll::
File::
Folder::
C:\TDSSKiller_Quarantine
c:\program files\Uniblue
c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
c:\windows\system32\drivers\AVG
c:\documents and settings\Delbert Carr\Local Settings\Application Data\AVG Security Toolbar
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
You can uncheck all of the HP entries on the Startup menu, including the HP Digital Imaging entry.
To remove entries from the Startup Menu using the msconfig utility:
  • Click on Start> Run> type in msconfig> enter>
    msconfig_open_xp.gif
  • Click on Selective Startup
  • Choose the Startup tab:
    startup_tab_xp.gif

    All images courtesy NetSquirrel
  • To expand the Command Column, (this shows what the process 'belongs' to) hold left mouse button down on the dividing line on frame above Location and move to the right to expand.
  • Uncheck any processes that don't need to start on boot.
  • Click on Apply> OK when finished.
NOTE:
When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show this message again.' Remain in Selective Startup to retain those changes.

The only processes that need to start on boot are the antivirus program, third party firewall if you have one, touchpad if on laptop and network processes if using third party software for network. Any other entries in this section can be Unchecked.

This does not remove a process or program- it can still be accessed when needed through All Programs. And you can go back at a later time and reset the default programs if needed.
==========================================
I wish I knew more about helping people so I could give back a little!
This starts by being able to help yourself- to learn how to troubleshoot instead of doing a reformat/reinstall. Hopefully you have learned how to do some of those things here. You build on that to gain your confidence> then you step out of the box to help others.
========================================
Your system is clean. You can now remove all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
  • Choose Disk Cleanup
  • Click "OK" to select the partition or drive you want.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin

Let me know if you have any more questions.
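Reviewing a ComboFix log by hand, as done in this thread, means reading the Run keys in "Reg Loading Points" and pairing the '+'/'-' lines of the SnapShot section. As an added example that is not part of this thread, of ComboFix, or of the helper's script, here is a small Python parser for those two sections, run over a sample constructed from lines posted above; it reports which files were added, removed or modified between two runs and flags autostart commands given without a directory.

```python
import re

# Constructed sample for this example, adapted from ComboFix lines posted earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-29 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-25 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
.
((((((((((((((((((((((((((((( SnapShot_2011-05-01_01.01.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-02 00:39 . 2011-05-02 00:39 16384 c:\windows\temp\Perflib_Perfdata_790.dat
+ 2008-10-29 01:34 . 2011-05-02 01:12 71732 c:\windows\system32\perfc009.dat
- 2008-10-29 01:34 . 2011-05-01 00:32 71732 c:\windows\system32\perfc009.dat
+ 2011-05-01 15:21 . 2011-05-01 15:21 235168 c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
- 2011-04-30 10:05 . 2011-04-30 10:05 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
"""

# A registry key header such as [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
# A Run value: "name"="command" [YYYY-MM-DD size]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+'
    r'\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$')
# A SnapShot line: +/- created . modified size path
SNAP_RE = re.compile(
    r'^(?P<sign>[+-])\s+(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+'
    r'(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>\d+)\s+(?P<path>.+?)\s*$')


def parse_run_entries(log_text):
    """Return the autostart values listed under any key ending in \\CurrentVersion\\Run."""
    entries = []
    current_key = None
    for line in log_text.splitlines():
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        run_match = RUN_RE.match(line)
        if run_match and current_key and current_key.lower().endswith(r"\currentversion\run"):
            entries.append({
                "key": current_key,
                "name": run_match.group("name"),
                "path": run_match.group("path"),
                "date": run_match.group("date"),
                "size": int(run_match.group("size")),
            })
    return entries


def flag_unqualified(entries):
    """Run values whose command carries no directory (e.g. "RTHDCPL.EXE").

    Such a command is resolved through the search path at logon, so a reviewer
    cannot tell from the log alone which file actually runs; worth a manual look.
    """
    return [e for e in entries if "\\" not in e["path"]]


def parse_snapshot(log_text):
    """All '+' (current) and '-' (previous) SnapShot lines as dicts."""
    return [m.groupdict() for m in (SNAP_RE.match(l) for l in log_text.splitlines()) if m]


def snapshot_changes(log_text):
    """Pair '+' and '-' lines by path (case-insensitively, as NTFS paths are).

    Both signs present => file modified since the last run; '+' only => new file;
    '-' only => file gone.  Returned paths keep the casing printed in the log.
    """
    plus, minus = {}, {}
    for entry in parse_snapshot(log_text):
        target = plus if entry["sign"] == "+" else minus
        target[entry["path"].lower()] = entry
    return {
        "added": [plus[p]["path"] for p in sorted(plus) if p not in minus],
        "removed": [minus[p]["path"] for p in sorted(minus) if p not in plus],
        "modified": [plus[p]["path"] for p in sorted(plus) if p in minus],
    }


if __name__ == "__main__":
    runs = parse_run_entries(SAMPLE_LOG)
    for e in runs:
        print(f"{e['name']:20} {e['date']} {e['size']:>9} {e['path']}")
    for e in flag_unqualified(runs):
        print(f"review: {e['name']} has no directory in its command ({e['path']})")
    for kind, paths in snapshot_changes(SAMPLE_LOG).items():
        for path in paths:
            print(f"{kind:9} {path}")
```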
 
ComboFix 11-04-30.06 - Delbert Carr 05/01/2011 17:24:32.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.2308 [GMT -7:00]
Running from: h:\virus suit\ComboFix.exe
Command switches used :: c:\documents and settings\Delbert Carr\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar\cache\overlay.xml
c:\documents and settings\All Users\Application Data\Yahoo!
c:\documents and settings\All Users\Application Data\Yahoo!\yau\4413210E-3820-41FF-A5E2-B70C786A62CB.xml
c:\documents and settings\All Users\Application Data\Yahoo!\yau\940C0094-01F7-47c6-BFE2-DC2A44D3D36F.xml
c:\documents and settings\All Users\Application Data\Yahoo!\yau\CC47E3C3-9B25-4F68-AD4A-FA5F0183E6BC.xml
c:\documents and settings\All Users\Application Data\Yahoo!\yau\toolbar_temp.xml
c:\documents and settings\All Users\Application Data\Yahoo!\yau\yautoupdater_temp.xml
c:\documents and settings\Delbert Carr\Application Data\Yahoo!
c:\documents and settings\Delbert Carr\Application Data\Yahoo!\Companion\inq_data.inq
c:\documents and settings\Delbert Carr\Application Data\Yahoo!\Companion\inq_settings.xml
c:\documents and settings\Delbert Carr\Application Data\Yahoo!\Companion\resources.inq
C:\TDSSKiller_Quarantine
c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\mbr0000\object.ini
c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\mbr0000\tsk0000.dta
c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\mbr0000\tsk0000.ini
c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\object.ini
c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\object.ini
c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0000.dta
c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0000.ini
c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0001.dta
c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0001.ini
c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0002.dta
c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0002.ini
c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0003.dta
c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0003.ini
c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0004.dta
c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0004.ini
c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0005.dta
c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0005.ini
c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0006.dta
c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0006.ini
c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0007.dta
c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0007.ini
c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0008.dta
c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0008.ini
c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0009.dta
c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0009.ini
c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0010.dta
c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0010.ini
c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0011.dta
c:\tdsskiller_quarantine\29.04.2011_17.46.57\boot0000\tdlfs0000\tsk0011.ini
c:\windows\system32\drivers\AVG
c:\windows\system32\drivers\AVG\iavichjg.avm
.
.
((((((((((((((((((((((((( Files Created from 2011-04-02 to 2011-05-02 )))))))))))))))))))))))))))))))
.
.
2011-05-02 00:39 . 2011-05-02 00:39 -------- d--h--r- c:\documents and settings\All Users\Application Data\yahoo!
2011-04-30 10:09 . 2011-04-30 10:09 -------- d-----w- c:\windows\ServicePackFiles
2011-04-29 04:52 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-29 04:52 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-29 02:09 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-29 02:09 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-29 02:09 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-29 02:09 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-29 02:09 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-29 02:09 . 2011-04-18 17:16 102488 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-04-29 02:09 . 2011-04-18 17:16 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-04-29 02:09 . 2011-04-18 17:13 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-04-29 02:08 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
2011-04-29 02:08 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-29 02:08 . 2011-04-29 02:08 -------- d-----w- c:\program files\AVAST Software
2011-04-29 02:08 . 2011-04-29 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-04-26 13:31 . 2011-04-26 13:31 -------- d-----w- c:\documents and settings\Delbert Carr\Local Settings\Application Data\PackageAware
2011-04-24 17:11 . 2011-04-24 17:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-04-24 14:17 . 2011-04-24 14:17 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-14 12:32 . 2011-04-24 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-04-14 12:11 . 2011-04-14 12:11 -------- d-----w- c:\documents and settings\Delbert Carr\Local Settings\Application Data\AVG Security Toolbar
2011-04-14 02:26 . 2011-04-14 02:28 -------- dc-h--w- c:\windows\ie8
2011-04-02 16:52 . 2011-04-02 16:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-04-02 14:03 . 2011-04-02 14:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-01 00:37 . 2010-06-20 14:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-01 00:37 . 2008-02-22 10:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-07 05:33 . 2008-04-14 22:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2008-04-14 22:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2008-04-14 22:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2007-08-14 02:54 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2007-08-14 02:45 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 23:06 . 2007-08-14 02:44 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 11:41 . 2008-04-14 22:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2008-04-14 22:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2008-04-14 22:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-15 08:30 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2008-04-14 22:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2008-04-14 22:00 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53 . 2008-04-14 22:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 22:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2008-04-14 22:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2008-04-14 22:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2008-04-14 22:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-03-18 17:53 . 2011-03-24 12:25 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-05-01_01.01.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-02 00:39 . 2011-05-02 00:39 16384 c:\windows\temp\Perflib_Perfdata_790.dat
+ 2008-10-29 01:34 . 2011-05-02 01:12 71732 c:\windows\system32\perfc009.dat
- 2008-10-29 01:34 . 2011-05-01 00:32 71732 c:\windows\system32\perfc009.dat
+ 2008-10-29 01:34 . 2011-05-02 01:12 442466 c:\windows\system32\perfh009.dat
- 2008-10-29 01:34 . 2011-05-01 00:32 442466 c:\windows\system32\perfh009.dat
+ 2011-05-01 15:21 . 2011-05-01 15:21 235168 c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
+ 2011-05-01 15:21 . 2011-05-01 15:21 311456 c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.dll
+ 2009-04-04 06:55 . 2011-05-02 01:00 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-04-04 06:55 . 2011-04-30 00:59 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2011-04-12 00:19 . 2011-04-12 00:19 2871968 c:\windows\Downloaded Program Files\CONFLICT.2\FP_AX_CAB_INSTALLER.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-29 68856]
"Starfield Updater"="c:\program files\Starfield\WorkspaceUpdate.exe" [2011-02-17 33984]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-25 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-25 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-25 81920]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2009-02-03 13:22 1004544 ----a-w- c:\program files\Ares\Ares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2008-07-10 23:20 421888 ----a-w- c:\acer\Empowering Technology\eRecovery\eRAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-09 06:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-02-25 05:29 1626112 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTIM.exe]
2009-10-31 13:07 271688 ----a-w- c:\program files\WebEx\Productivity Tools\PTIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTOneClick]
2009-10-31 13:08 247112 ----a-w- c:\program files\WebEx\Productivity Tools\ptoneclk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-15 05:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-06-14 02:11 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-09-25 02:33 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3242:TCP"= 3242:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/28/2011 7:09 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/28/2011 7:09 PM 307288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/28/2011 7:09 PM 19544]
R2 File Backup;File Backup Service;c:\program files\Starfield\offSyncService.exe [7/16/2010 1:47 PM 1215216]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2011 6:02 AM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2011 6:02 AM 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-03 13:00]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-03 13:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
FF - ProfilePath - c:\documents and settings\Delbert Carr\Application Data\Mozilla\Firefox\Profiles\ehxjen98.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2566951&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-ProcessQuickLink 2_is1 - c:\program files\Uniblue\ProcessQuickLink 2\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-01 18:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2280)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Raxco\PerfectDisk10\PDAgent.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-05-01 18:15:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-02 01:15
ComboFix2.txt 2011-05-01 01:05
ComboFix3.txt 2011-04-30 05:28
.
Pre-Run: 46,436,642,816 bytes free
Post-Run: 46,466,031,616 bytes free
.
- - End Of File - - F6BCE2BE60C5FC35D0D5715F044F286A
 
If you have this program on the system, please remove it and download the current version below:

Download HijackThis from http://download.bleepingcomputer.com/hijackthis/HijackThis.zip and save it to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file will be saved, and then the log will open in Notepad. Be sure to click on Format > uncheck Word Wrap when you open Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
=========================================
P2P or 'file sharing' Warning:
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall Ares for the following reasons:
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
  • Malware writers use these programs to include malicious content.
  • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers.

I put Ares entries in the script for removal but you must be actively using it because the entries weren't removed. I recommend you go to Add/Remove Programs in the Control Panel and uninstall any Ares related entries. Then use Windows Explorer to go to My Computer> Double click on Local Drive(C)> Programs> find the Ares program folder and do a right click> Delete.
 
Threads are closed after 5 days of inactivity. Please send me a PM if the problem continues.
 