TechSpot

Internet Explorer pop ups

By cymikey10
Dec 8, 2010
  1. Hi there
    I am having a problem with my Internet Explorer popping up with random advertisements. It only does it when I have closed all running software and don't use my computer for a few minutes; they then start to pop up.
    I have run Malwarebytes and ComboFix, and I will post the logs further down the page.
    I tried to run Eset NOD32 Online AntiVirus Scanner but this was asking if a proxy was set up?
    I will try to run GMER and DDS if this helps and post the logs on here.

    Combofix log

    ComboFix 10-12-06.04 - michael 09/11/2010 22:41:05.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.446.155 [GMT 0:00]
    Running from: J:\ComboFix.exe
    AV: Norton 360 Premier Edition *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 Premier Edition *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .

    ((((((((((((((((((((((((( Files Created from 2010-10-09 to 2010-11-09 )))))))))))))))))))))))))))))))
    .

    2012-04-12 08:59 . 2012-04-12 09:37 -------- d-----w- C:\Mum n Dads Laptop Files
    2012-03-15 20:28 . 2012-03-15 20:28 -------- d-----w- c:\documents and settings\michael\Local Settings\Application Data\Help
    2012-03-15 20:25 . 2012-03-15 20:25 5248 ----a-w- c:\windows\system32\giveio.sys
    2012-03-15 20:22 . 2012-03-15 20:32 -------- d-----w- c:\program files\SSC Service Utility
    2012-03-11 16:37 . 2012-03-11 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\MGS
    2012-03-03 14:48 . 2012-03-03 14:48 -------- d-----w- c:\documents and settings\michael\Local Settings\Application Data\Scansoft
    2012-02-26 20:25 . 2012-02-26 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
    2012-02-26 20:24 . 2012-02-26 20:24 -------- d-----w- c:\documents and settings\michael\Application Data\Nuance
    2012-02-26 19:59 . 2012-02-26 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance
    2012-02-26 19:59 . 2010-07-16 18:59 -------- d-----w- c:\windows\speech
    2012-02-21 22:16 . 2012-02-21 22:16 -------- d-----w- c:\documents and settings\michael\Local Settings\Application Data\WinAVI
    2012-02-21 22:16 . 2012-02-27 16:36 -------- d-----w- c:\program files\WinAVI Video Converter
    2010-11-09 13:25 . 2010-11-09 13:21 107368 ----a-r- c:\windows\system32\GEARAspi.dll
    2010-11-09 13:25 . 2010-11-09 13:22 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-11-09 13:24 . 2010-11-09 13:22 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
    2010-11-09 13:23 . 2010-11-09 13:23 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-11-09 13:23 . 2010-11-09 13:23 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-11-09 13:23 . 2010-11-09 15:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-11-09 13:23 . 2010-11-09 13:23 -------- d-----w- c:\program files\Symantec
    2010-11-09 13:20 . 2010-11-09 22:02 -------- d-----w- c:\windows\system32\drivers\N360
    2010-11-09 13:20 . 2010-11-09 13:21 -------- d-----w- c:\program files\Norton 360 Premier Edition
    2010-11-09 13:20 . 2010-11-09 13:20 -------- d-----w- c:\program files\Windows Sidebar
    2010-11-09 13:20 . 2010-11-09 13:20 -------- d-----w- c:\program files\NortonInstaller
    2010-11-07 15:11 . 2007-04-08 16:38 946312 ----a-w- c:\windows\system32\wPDFViewplus01.dll
    2010-11-07 15:10 . 2010-11-07 15:11 -------- d-----w- c:\program files\XSPPlat
    2010-11-07 15:06 . 2010-11-07 15:06 186880 ----a-w- c:\windows\Gmirea.exe
    2010-11-07 14:50 . 2010-11-07 14:57 -------- d-----w- c:\documents and settings\michael\Application Data\iktsoft
    2010-11-02 16:23 . 2006-12-02 06:22 479232 ----a-w- c:\windows\system32\msvcm80.dll
    2010-11-02 16:23 . 2010-11-02 16:23 -------- d-----w- c:\program files\MyXOFT
    2010-11-02 16:15 . 2010-11-08 14:52 -------- d-----w- c:\program files\Music Trio
    2010-11-02 15:55 . 2010-11-02 15:55 -------- d-----w- c:\documents and settings\michael\Application Data\Doblon
    2010-11-02 15:23 . 2010-11-02 15:23 -------- d-----w- c:\program files\Doblon

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-28 18:15 . 2010-07-13 15:37 2672 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2010-10-28 18:15 . 2010-07-13 15:37 88 --sh--r- c:\documents and settings\All Users\Application Data\03BEF1D2A8.sys
    2010-10-03 22:43 . 2010-10-03 22:43 59240 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2010-09-18 11:23 . 2009-05-19 09:23 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2009-05-19 09:23 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2009-05-19 09:23 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2009-05-19 09:23 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58 . 2005-12-05 11:41 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2009-05-19 09:22 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2009-05-19 09:21 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-01 11:51 . 2009-05-19 09:19 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2005-12-05 11:41 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2006-06-15 11:31 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2005-12-05 11:41 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2005-12-05 11:41 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2010-02-25 10:25 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12 . 2009-05-19 09:19 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2005-12-05 11:41 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2009-05-19 09:24 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2005-07-08 1953887]
    "Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2010-02-06 4853760]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
    "Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2009-12-30 523408]
    "OW1T3CYG7T"="c:\windows\Gmirea.exe" [2010-11-07 186880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
    "SoundMan"="SOUNDMAN.EXE" [2005-08-17 90112]
    "VTTimer"="VTTimer.exe" [2005-03-07 53248]
    "VTTrayp"="VTtrayp.exe" [2005-10-31 163840]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
    "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "AOL_Demo"="c:\applications\Tool\AOL Demo\DSGDemo.exe" [2005-12-01 177178]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "SerialNumber"="A109A-K13-3ZXD-BAP5-TE"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [03/10/2010 22:43 59240]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [09/11/2010 15:26 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [09/11/2010 15:25 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [09/11/2010 15:25 482432]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101201.001\IDSXpx86.sys [09/11/2010 13:43 341944]
    R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [07/03/2010 11:11 390528]
    R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [03/10/2010 22:54 34792]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 22:43 169320]
    R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [23/03/2010 18:26 711352]
    R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [23/03/2010 18:26 711352]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [03/10/2010 22:43 767208]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [09/11/2010 19:03 102448]
    R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [07/08/2003 16:42 6528]
    S2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe [09/11/2010 15:24 117640]
    S3 EraserUtilDrv10910;EraserUtilDrv10910;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [?]
    S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25/02/2010 09:47 721904]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-09 c:\windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    - c:\windows\Gmirea.exe [2010-11-07 15:06]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    IE: Download with &Shareaza - c:\program files\shareaza\razawebhook32.dll/3000
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-09 23:05
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3296923419-416603358-497765969-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DA0DB758-EF64-6991-E085-D0FCE315193A}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "jadihbnhefjddgapgnpp"=hex:6b,61,66,6b,61,62,6f,64,6a,69,67,62,65,68,6f,64,70,
    67,6e,6e,65,6a,00,00
    "iajebdmfkcagbiijok"=hex:6b,61,66,6b,61,62,6f,64,6a,69,67,62,65,68,6f,64,70,67,
    6e,6e,65,6a,00,7c
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(14640)
    c:\windows\system32\WININET.dll
    c:\program files\Trusteer\Rapport\bin\rooksbas.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\program files\Windows Media Player\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-11-09 23:25:03
    ComboFix-quarantined-files.txt 2010-11-09 23:24

    Pre-Run: 21,554,262,016 bytes free
    Post-Run: 21,735,727,104 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - DEFF2C2C31F03C3FD4BD88F194199A52


    Malwarebytes log before deleting viruses produced this log >>

    Malwarebytes' Anti-Malware 1.44
    Database version: 3788
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    09/11/2010 00:47:43
    mbam-log-2010-11-09 (00-47-43).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 204185
    Time elapsed: 3 hour(s), 59 minute(s), 21 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 3
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\michael\Local Settings\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.


    Then when I scanned again it produced this log >>

    Malwarebytes' Anti-Malware 1.44
    Database version: 3788
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    09/11/2010 18:36:52
    mbam-log-2010-11-09 (18-36-52).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 184926
    Time elapsed: 2 hour(s), 41 minute(s), 8 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Now Malwarebytes does not find anything.
    Hope someone can help
    Thanks
    Michael
     
  2. Bobbye

    Here are the steps we ask you to follow:
    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Important!
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    Please note: There is a post in the Virus and Malware forum that specifically instructs not to use Combofix unless instructed to do so by your helper.

    We need one log, not before and after, unless something is done within a program that produces a new log. You don't have to run Mbam again. Understand that cleaning programs are also run in a specific order, not randomly.

    Please run DDS (2 logs) and GMER.
     
  3. cymikey10

    Thanks for the fast reply.
    I used ComboFix as I have previously had a similar virus and I used to use ComboFix for this, but this time the method did not work. I have done as you asked and have posted the logs below. I would also like to add the threat that Norton 360 keeps popping up with, constantly saying an intrusion attempt was blocked. Application path \device\harddiskvolume1\windows\gmirea.exe.

    DDS log >>>

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-05.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 24/02/2010 22:37:44
    System Uptime: 10/11/2010 01:03:18 (18 hours ago)

    Motherboard: DIXONSXP | | P4M800P7MB
    Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | Socket 775 | 3054/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 73 GiB total, 19.956 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    I: is CDROM ()
    J: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP126: 08/08/2010 08:53:24 - System Checkpoint
    RP127: 09/08/2010 19:23:20 - System Checkpoint
    RP128: 10/08/2010 19:51:12 - System Checkpoint
    RP129: 11/08/2010 20:51:24 - System Checkpoint
    RP130: 12/08/2010 21:27:15 - System Checkpoint
    RP131: 13/08/2010 22:27:13 - System Checkpoint
    RP132: 14/08/2010 23:53:43 - System Checkpoint
    RP133: 16/08/2010 00:03:15 - System Checkpoint
    RP134: 17/08/2010 00:51:44 - System Checkpoint
    RP135: 18/08/2010 04:41:09 - System Checkpoint
    RP136: 19/08/2010 21:36:02 - Software Distribution Service 3.0
    RP137: 20/08/2010 22:12:02 - System Checkpoint
    RP138: 22/08/2010 18:24:09 - System Checkpoint
    RP139: 24/08/2010 14:49:32 - System Checkpoint
    RP140: 25/08/2010 16:21:31 - System Checkpoint
    RP141: 26/08/2010 16:45:02 - System Checkpoint
    RP142: 27/08/2010 14:45:16 - Installed Corel Paint Shop Pro Photo X2.
    RP143: 28/08/2010 15:33:33 - System Checkpoint
    RP144: 29/08/2010 15:57:04 - System Checkpoint
    RP145: 30/08/2010 16:58:05 - System Checkpoint
    RP146: 01/09/2010 03:00:21 - Software Distribution Service 3.0
    RP147: 02/09/2010 03:09:06 - System Checkpoint
    RP148: 03/09/2010 04:21:06 - System Checkpoint
    RP149: 04/09/2010 05:09:07 - System Checkpoint
    RP150: 05/09/2010 05:13:39 - System Checkpoint
    RP151: 06/09/2010 05:30:21 - System Checkpoint
    RP152: 07/09/2010 05:57:08 - System Checkpoint
    RP153: 08/09/2010 03:00:21 - Software Distribution Service 3.0
    RP154: 09/09/2010 03:09:08 - System Checkpoint
    RP155: 10/09/2010 03:45:07 - System Checkpoint
    RP156: 11/09/2010 03:57:09 - System Checkpoint
    RP157: 12/09/2010 04:09:10 - System Checkpoint
    RP158: 13/09/2010 04:48:45 - System Checkpoint
    RP159: 14/09/2010 05:44:37 - System Checkpoint
    RP160: 16/09/2010 01:38:14 - System Checkpoint
    RP161: 16/09/2010 03:00:21 - Software Distribution Service 3.0
    RP162: 16/09/2010 03:27:31 - Installed Rapport
    RP163: 17/09/2010 14:07:22 - System Checkpoint
    RP164: 18/09/2010 16:37:31 - System Checkpoint
    RP165: 22/09/2010 22:30:15 - System Checkpoint
    RP166: 24/09/2010 01:27:33 - System Checkpoint
    RP167: 25/09/2010 02:53:35 - System Checkpoint
    RP168: 26/09/2010 05:12:06 - System Checkpoint
    RP169: 27/09/2010 17:18:50 - System Checkpoint
    RP170: 02/10/2010 20:56:06 - System Checkpoint
    RP171: 04/10/2010 02:10:51 - System Checkpoint
    RP172: 05/10/2010 02:49:22 - System Checkpoint
    RP173: 06/10/2010 16:32:11 - System Checkpoint
    RP174: 07/10/2010 19:55:24 - System Checkpoint
    RP175: 08/10/2010 12:00:26 - Removed Adobe Reader 7.0
    RP176: 08/10/2010 12:01:22 - Installed Adobe Reader 9.
    RP177: 09/10/2010 16:12:37 - System Checkpoint
    RP178: 10/10/2010 21:01:56 - System Checkpoint
    RP179: 11/10/2010 22:34:07 - System Checkpoint
    RP180: 13/10/2010 00:36:38 - System Checkpoint
    RP181: 14/10/2010 01:46:40 - System Checkpoint
    RP182: 14/10/2010 03:00:23 - Software Distribution Service 3.0
    RP183: 15/10/2010 04:53:38 - System Checkpoint
    RP184: 16/10/2010 05:32:21 - System Checkpoint
    RP185: 17/10/2010 06:24:43 - System Checkpoint
    RP186: 18/10/2010 09:25:13 - System Checkpoint
    RP187: 19/10/2010 09:25:43 - System Checkpoint
    RP188: 20/10/2010 10:49:23 - System Checkpoint
    RP189: 21/10/2010 13:49:22 - System Checkpoint
    RP190: 22/10/2010 16:17:51 - System Checkpoint
    RP191: 31/10/2010 13:49:53 - System Checkpoint
    RP192: 01/11/2010 14:38:22 - System Checkpoint
    RP193: 02/11/2010 19:36:18 - System Checkpoint
    RP194: 03/11/2010 19:43:11 - System Checkpoint
    RP195: 09/11/2010 13:08:39 - Removed Cypress USB Mass Storage Driver Installation
    RP196: 09/11/2010 13:08:52 - Removed Napster
    RP197: 09/11/2010 15:08:57 - Norton 360 Registry Clean
    RP198: 10/11/2010 00:06:07 - IObit Uninstaller RestorePoint

    ==== Installed Programs ======================


    ABBYY FineReader 6.0 Sprint
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 9 ActiveX
    Adobe Reader 9.2
    CCleaner
    Corel Paint Shop Pro Photo X2
    Cross Stitch Professional Platinum Demo (No save, print only ex
    DivX Setup
    DSS DJ 5.6
    Epson Easy Photo Print 2
    Epson Event Manager
    EPSON Scan
    Epson Stylus SX110_TX110 Manual
    EPSON SX110 Series Printer Uninstall
    EPSON Web-To-Page
    ESET Online Scanner v3
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    ImagXpress
    Karaoke CD+G Creator Pro
    Magic ISO Maker v5.5 (build 0274)
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    MP3 Player
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    neroxml
    Norton 360 Premier Edition
    OCA Client history tool install
    On2 VP7 Personal Edition
    Photo Story 3 for Windows
    Power2Go 4.0
    PowerDVD
    PowerISO
    QuickTime
    Rapport
    Realtek AC'97 Audio
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Roxio Burn Engine
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Encoder (KB979332)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Shareaza 2.5.2.0
    SSC Service Utility v4.30
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    VC80CRTRedist - 8.0.50727.4053
    VIA/S3G Display Driver
    WebFldrs XP
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    WYSIWYG Web Builder 6
    Xiph.Org Open Codecs 0.84.17338

    ==== Event Viewer Messages From Past Week ========

    10/11/2010 01:04:16, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'EraserUtilRebootDrv.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    09/11/2010 23:37:42, error: System Error [1003] - Error code 10000050, parameter1 f790dc42, parameter2 00000008, parameter3 80541804, parameter4 00000000.
    09/11/2010 22:33:26, error: WMPNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
    09/11/2010 22:32:52, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    09/11/2010 19:22:48, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IDSxpx86
    09/11/2010 15:23:40, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
    09/11/2010 13:39:29, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Norton 360 service, but this action failed with the following error: An instance of the service is already running.
    09/11/2010 13:37:30, error: Service Control Manager [7031] - The Norton 360 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    09/11/2010 12:22:10, error: W32Time [34] - The time service has detected that the system time needs to be changed by +2418974 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.0.102:123->207.46.197.32:123) is working properly.
    07/11/2010 19:47:35, error: atapi [5] - A parity error was detected on \Device\Ide\IdePort2.
    07/11/2010 13:23:02, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.
    07/11/2010 13:22:24, error: W32Time [34] - The time service has detected that the system time needs to be changed by +2418976 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.0.102:123->207.46.197.32:123) is working properly.
    03/11/2010 09:40:04, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.

    ==== End Of File ===========================

    DDS >>>>


    DDS (Ver_10-12-05.01) - NTFSx86
    Run by michael at 19:47:01.26 on 10/11/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.446.53 [GMT 0:00]

    AV: Norton 360 Premier Edition *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 Premier Edition *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Gmirea.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE
    J:\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/
    BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\razawebhook32.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360 premier edition\engine\3.8.0.41\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360 premier edition\engine\3.8.0.41\IPSBHO.DLL
    BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360 premier edition\engine\3.8.0.41\coIEPlg.dll
    uRun: [Power2GoExpress] "c:\program files\cyberlink\power2go\Power2GoExpress.exe" /Startup
    uRun: [Shareaza] "c:\program files\shareaza\Shareaza.exe" -tray
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
    uRun: [OW1T3CYG7T] c:\windows\Gmirea.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [EPSON SX110 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifbe.exe /fu "c:\docume~1\michael\locals~1\temp\E_S72.tmp" /EF "HKCU"
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [VTTimer] VTTimer.exe
    mRun: [VTTrayp] VTtrayp.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
    mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [AOL_Demo] c:\applications\tool\aol demo\DSGDemo.exe
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: Download with &Shareaza - c:\program files\shareaza\razawebhook32.dll/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1267102204078
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360 premier edition\engine\3.8.0.41\CoIEPlg.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-11-9 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-11-9 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-11-9 482432]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20101208.001\IDSXpx86.sys [2010-11-10 341944]
    R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-3-7 390528]
    R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\19917\RapportCerberus_19917.sys [2010-10-3 34792]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
    R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2003-8-7 6528]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20101207.039\NAVENG.SYS [2010-11-10 86064]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20101207.039\NAVEX15.SYS [2010-11-10 1371184]
    S2 N360;Norton 360;c:\program files\norton 360 premier edition\engine\3.8.0.41\ccSvcHst.exe [2010-11-9 117640]
    S3 EraserUtilDrv10910;EraserUtilDrv10910;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10910.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10910.sys [?]
    S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]

    =============== File Associations ===============

    JSEFile=NOTEPAD.EXE %1

    =============== Created Last 30 ================

    2012-04-12 08:59:56 -------- d-----w- C:\Mum n Dads Laptop Files
    2012-03-15 20:28:03 -------- d-----w- c:\docume~1\michael\locals~1\applic~1\Help
    2012-03-15 20:25:15 5248 ----a-w- c:\windows\system32\giveio.sys
    2012-03-15 20:22:23 -------- d-----w- c:\program files\SSC Service Utility
    2012-03-11 16:37:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\MGS
    2012-03-03 14:48:41 -------- d-----w- c:\docume~1\michael\locals~1\applic~1\Scansoft
    2012-02-26 20:55:49 -------- d-----w- c:\windows\pss
    2012-02-26 20:24:44 -------- d-----w- c:\docume~1\michael\applic~1\Nuance
    2012-02-26 19:59:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\Nuance
    2012-02-26 19:59:26 -------- d-----w- c:\windows\speech
    2012-02-21 22:16:49 -------- d-----w- c:\docume~1\michael\locals~1\applic~1\WinAVI
    2012-02-21 22:16:12 -------- d-----w- c:\program files\WinAVI Video Converter
    2010-11-10 12:45:46 -------- d-----w- c:\program files\ESET
    2010-11-09 23:52:05 -------- d-----w- c:\docume~1\michael\applic~1\IObit
    2010-11-09 23:31:19 -------- d-----w- C:\65ebec1e42c6f30e94598e9f346c
    2010-11-09 22:36:28 -------- d-sha-r- C:\cmdcons
    2010-11-09 22:30:47 89088 ----a-w- c:\windows\MBR.exe
    2010-11-09 22:30:46 98816 ----a-w- c:\windows\sed.exe
    2010-11-09 22:30:46 256512 ----a-w- c:\windows\PEV.exe
    2010-11-09 22:30:46 161792 ----a-w- c:\windows\SWREG.exe
    2010-11-09 15:26:01 217136 ----a-w- c:\windows\system32\drivers\n360\0308000.029\symtdi.sys
    2010-11-09 15:26:00 89904 ----a-w- c:\windows\system32\drivers\n360\0308000.029\symfw.sys
    2010-11-09 15:26:00 48688 ----a-w- c:\windows\system32\drivers\n360\0308000.029\symndisv.sys
    2010-11-09 15:26:00 36400 ----a-w- c:\windows\system32\drivers\n360\0308000.029\symndis.sys
    2010-11-09 15:26:00 33072 ----a-w- c:\windows\system32\drivers\n360\0308000.029\symids.sys
    2010-11-09 15:26:00 310320 ----a-w- c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys
    2010-11-09 15:25:59 482432 ----a-w- c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys
    2010-11-09 15:25:59 43696 ----a-w- c:\windows\system32\drivers\n360\0308000.029\srtspx.sys
    2010-11-09 15:25:59 308272 ----a-w- c:\windows\system32\drivers\n360\0308000.029\srtsp.sys
    2010-11-09 15:25:58 259632 ----a-w- c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys
    2010-11-09 15:24:05 -------- d-----w- c:\windows\system32\drivers\n360\0308000.029
    2010-11-09 13:25:21 107368 ----a-r- c:\windows\system32\GEARAspi.dll
    2010-11-09 13:25:20 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-11-09 13:24:24 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
    2010-11-09 13:23:53 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-11-09 13:23:52 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-11-09 13:23:51 -------- d-----w- c:\program files\Symantec
    2010-11-09 13:23:51 -------- d-----w- c:\program files\common files\Symantec Shared
    2010-11-09 13:20:37 -------- d-----w- c:\windows\system32\drivers\N360
    2010-11-09 13:20:32 -------- d-----w- c:\program files\Norton 360 Premier Edition
    2010-11-09 13:20:06 -------- d-----w- c:\program files\NortonInstaller
    2010-11-07 15:11:42 946312 ----a-w- c:\windows\system32\wPDFViewplus01.dll
    2010-11-07 15:10:08 -------- d-----w- c:\program files\XSPPlat
    2010-11-07 15:06:54 186880 ----a-w- c:\windows\Gmirea.exe
    2010-11-07 14:50:41 -------- d-----w- c:\docume~1\michael\applic~1\iktsoft
    2010-11-02 16:23:10 479232 ----a-w- c:\windows\system32\msvcm80.dll
    2010-11-02 16:23:09 -------- d-----w- c:\program files\MyXOFT
    2010-11-02 16:15:50 -------- d-----w- c:\program files\Music Trio
    2010-11-02 15:55:39 -------- d-----w- c:\docume~1\michael\applic~1\Doblon
    2010-11-02 15:23:34 -------- d-----w- c:\program files\Doblon

    ==================== Find3M ====================

    2010-10-28 18:27:24 2620 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2010-10-28 18:15:23 2672 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
    2010-10-28 18:15:17 88 --sh--r- c:\docume~1\alluse~1\applic~1\03BEF1D2A8.sys
    2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 16:05:29 88 --sh--r- c:\windows\system32\6B2458520D.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

    ============= FINISH: 19:49:18.18 ===============


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-11-10 19:55:50
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 HDS728080PLAT20 rev.PF2OA2AA
    Running: hc0314r8.exe; Driver: C:\DOCUME~1\michael\LOCALS~1\Temp\pxtdypow.sys


    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----

    Thanks for reading.
    Kind regards
    Michael
     
  4. cymikey10

    cymikey10 TS Rookie Topic Starter

    I do apologise for the dates being out on my computer; I hope this does not complicate things.
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Don't apologize! Correct the time problem and rescan. I have to know when a scan was actually done and your computer depends on the time being correctly set:

    To check and correct time settings:

    Right click on the clock > Adjust Date/Time > Be sure the correct date and time are showing on the screen that comes up > Make sure your correct time zone is set and that 'adjust for daylight savings time' boxes are set > When you get to the Internet Time Server, click on Update now and wait for it.

    The antivirus program and any auto-update you have are time sensitive.
     
  6. cymikey10

    cymikey10 TS Rookie Topic Starter

    I have followed your instructions to correct the time and rescanned my computer. Here are the logs created.

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-12-09 21:43:39
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 HDS728080PLAT20 rev.PF2OA2AA
    Running: hc0314r8.exe; Driver: C:\DOCUME~1\michael\LOCALS~1\Temp\pxtdypow.sys


    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-05.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 24/02/2010 22:37:44
    System Uptime: 08/12/2010 00:59:31 (45 hours ago)

    Motherboard: DIXONSXP | | P4M800P7MB
    Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | Socket 775 | 3054/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 73 GiB total, 21.083 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    I: is CDROM ()
    J: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP156: 11/09/2010 03:57:09 - System Checkpoint
    RP157: 12/09/2010 04:09:10 - System Checkpoint
    RP158: 13/09/2010 04:48:45 - System Checkpoint
    RP159: 14/09/2010 05:44:37 - System Checkpoint
    RP160: 16/09/2010 01:38:14 - System Checkpoint
    RP161: 16/09/2010 03:00:21 - Software Distribution Service 3.0
    RP162: 16/09/2010 03:27:31 - Installed Rapport
    RP163: 17/09/2010 14:07:22 - System Checkpoint
    RP164: 18/09/2010 16:37:31 - System Checkpoint
    RP165: 22/09/2010 22:30:15 - System Checkpoint
    RP166: 24/09/2010 01:27:33 - System Checkpoint
    RP167: 25/09/2010 02:53:35 - System Checkpoint
    RP168: 26/09/2010 05:12:06 - System Checkpoint
    RP169: 27/09/2010 17:18:50 - System Checkpoint
    RP170: 02/10/2010 20:56:06 - System Checkpoint
    RP171: 04/10/2010 02:10:51 - System Checkpoint
    RP172: 05/10/2010 02:49:22 - System Checkpoint
    RP173: 06/10/2010 16:32:11 - System Checkpoint
    RP174: 07/10/2010 19:55:24 - System Checkpoint
    RP175: 08/10/2010 12:00:26 - Removed Adobe Reader 7.0
    RP176: 08/10/2010 12:01:22 - Installed Adobe Reader 9.
    RP177: 09/10/2010 16:12:37 - System Checkpoint
    RP178: 10/10/2010 21:01:56 - System Checkpoint
    RP179: 11/10/2010 22:34:07 - System Checkpoint
    RP180: 13/10/2010 00:36:38 - System Checkpoint
    RP181: 14/10/2010 01:46:40 - System Checkpoint
    RP182: 14/10/2010 03:00:23 - Software Distribution Service 3.0
    RP183: 15/10/2010 04:53:38 - System Checkpoint
    RP184: 16/10/2010 05:32:21 - System Checkpoint
    RP185: 17/10/2010 06:24:43 - System Checkpoint
    RP186: 18/10/2010 09:25:13 - System Checkpoint
    RP187: 19/10/2010 09:25:43 - System Checkpoint
    RP188: 20/10/2010 10:49:23 - System Checkpoint
    RP189: 21/10/2010 13:49:22 - System Checkpoint
    RP190: 22/10/2010 16:17:51 - System Checkpoint
    RP191: 31/10/2010 13:49:53 - System Checkpoint
    RP192: 01/11/2010 14:38:22 - System Checkpoint
    RP193: 02/11/2010 19:36:18 - System Checkpoint
    RP194: 03/11/2010 19:43:11 - System Checkpoint
    RP195: 09/11/2010 13:08:39 - Removed Cypress USB Mass Storage Driver Installation
    RP196: 09/11/2010 13:08:52 - Removed Napster
    RP197: 09/11/2010 15:08:57 - Norton 360 Registry Clean
    RP198: 10/11/2010 00:06:07 - IObit Uninstaller RestorePoint
    RP199: 09/12/2010 11:23:27 - System Checkpoint
    RP200: 09/12/2010 13:12:00 - Installed WinStitch Demo Version

    ==== Installed Programs ======================


    ABBYY FineReader 6.0 Sprint
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 9 ActiveX
    Adobe Reader 9.2
    CCleaner
    Corel Paint Shop Pro Photo X2
    Cross Stitch Professional Platinum Demo (No save, print only ex
    DivX Setup
    DSS DJ 5.6
    Epson Easy Photo Print 2
    Epson Event Manager
    EPSON Scan
    Epson Stylus SX110_TX110 Manual
    EPSON SX110 Series Printer Uninstall
    EPSON Web-To-Page
    ESET Online Scanner v3
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    ImagXpress
    Karaoke CD+G Creator Pro
    Magic ISO Maker v5.5 (build 0274)
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    MP3 Player
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    myriaCross Converter 1.01.05
    neroxml
    Norton 360 Premier Edition
    OCA Client history tool install
    On2 VP7 Personal Edition
    Photo Story 3 for Windows
    Power2Go 4.0
    PowerDVD
    PowerISO
    QuickTime
    Rapport
    Realtek AC'97 Audio
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Roxio Burn Engine
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Encoder (KB979332)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Shareaza 2.5.2.0
    SSC Service Utility v4.30
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    VC80CRTRedist - 8.0.50727.4053
    VIA/S3G Display Driver
    WebFldrs XP
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    WinStitch Demo Version
    WYSIWYG Web Builder 6
    Xiph.Org Open Codecs 0.84.17338

    ==== Event Viewer Messages From Past Week ========

    09/12/2010 20:38:54, error: atapi [5] - A parity error was detected on \Device\Ide\IdePort2.
    09/12/2010 08:55:28, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.

    ==== End Of File ===========================



    DDS (Ver_10-12-05.01) - NTFSx86
    Run by michael at 21:09:48.87 on 09/12/2010
    Internet Explorer: 8.0.6001.18702

    ============== Running Processes ===============

    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE
    C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
    C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
    C:\WINDOWS\Gmirea.exe
    J:\dds.scr
    C:\WINDOWS\system32\mmc.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k bthsvcs
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\svchost.exe -k imgsvc

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/
    BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\razawebhook32.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360 premier edition\engine\3.8.0.41\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360 premier edition\engine\3.8.0.41\IPSBHO.DLL
    BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360 premier edition\engine\3.8.0.41\coIEPlg.dll
    uRun: [Power2GoExpress] "c:\program files\cyberlink\power2go\Power2GoExpress.exe" /Startup
    uRun: [Shareaza] "c:\program files\shareaza\Shareaza.exe" -tray
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
    uRun: [OW1T3CYG7T] c:\windows\Gmirea.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [EPSON SX110 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifbe.exe /fu "c:\docume~1\michael\locals~1\temp\E_S72.tmp" /EF "HKCU"
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [VTTimer] VTTimer.exe
    mRun: [VTTrayp] VTtrayp.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
    mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [AOL_Demo] c:\applications\tool\aol demo\DSGDemo.exe
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: Download with &Shareaza - c:\program files\shareaza\razawebhook32.dll/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1267102204078
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360 premier edition\engine\3.8.0.41\CoIEPlg.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R? EraserUtilDrv10910;EraserUtilDrv10910
    R? FXDRV;FXDRV
    R? N360;Norton 360
    S? BHDrvx86;Symantec Heuristics Driver
    S? ccHP;Symantec Hash Provider
    S? genmcmnUSB;USB Scroll Mouse Driver
    S? IDSxpx86;IDSxpx86
    S? NAVENG;NAVENG
    S? NAVEX15;NAVEX15
    S? RapportBuka;RapportBuka
    S? RapportCerberus_19917;RapportCerberus_19917
    S? RapportKELL;RapportKELL
    S? RapportMgmtService;Rapport Management Service
    S? RapportPG;RapportPG
    S? SymEFA;Symantec Extended File Attributes

    =============== File Associations ===============

    JSEFile=NOTEPAD.EXE %1

    =============== Created Last 30 ================

    2012-04-12 08:59:56 -------- d-----w- C:\Mum n Dads Laptop Files
    2012-03-15 20:28:03 -------- d-----w- c:\docume~1\michael\locals~1\applic~1\Help
    2012-03-15 20:25:15 5248 ----a-w- c:\windows\system32\giveio.sys
    2012-03-15 20:22:23 -------- d-----w- c:\program files\SSC Service Utility
    2012-03-11 16:37:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\MGS
    2012-03-03 14:48:41 -------- d-----w- c:\docume~1\michael\locals~1\applic~1\Scansoft
    2012-02-26 20:55:49 -------- d-----w- c:\windows\pss
    2012-02-26 20:24:44 -------- d-----w- c:\docume~1\michael\applic~1\Nuance
    2012-02-26 19:59:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\Nuance
    2012-02-26 19:59:26 -------- d-----w- c:\windows\speech
    2012-02-21 22:16:49 -------- d-----w- c:\docume~1\michael\locals~1\applic~1\WinAVI
    2012-02-21 22:16:12 -------- d-----w- c:\program files\WinAVI Video Converter
    2010-12-09 13:21:18 -------- d-----w- c:\docume~1\michael\applic~1\myriaCrossConv
    2010-12-09 13:21:16 -------- d-----w- c:\program files\myriaCrossConv
    2010-12-09 13:12:09 -------- d-----w- c:\program files\WinStitch Demo Version
    2010-11-10 12:45:46 -------- d-----w- c:\program files\ESET
    2010-11-09 23:52:05 -------- d-----w- c:\docume~1\michael\applic~1\IObit
    2010-11-09 23:31:19 -------- d-----w- C:\65ebec1e42c6f30e94598e9f346c
    2010-11-09 22:36:28 -------- d-sha-r- C:\cmdcons
    2010-11-09 22:30:47 89088 ----a-w- c:\windows\MBR.exe
    2010-11-09 22:30:46 98816 ----a-w- c:\windows\sed.exe
    2010-11-09 22:30:46 256512 ----a-w- c:\windows\PEV.exe
    2010-11-09 22:30:46 161792 ----a-w- c:\windows\SWREG.exe

    ==================== Find3M ====================

    2010-11-09 13:23:51 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-11-09 13:21:38 107368 ----a-r- c:\windows\system32\GEARAspi.dll
    2010-11-07 15:06:24 186880 ----a-w- c:\windows\Gmirea.exe
    2010-10-28 18:27:24 2620 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2010-10-28 18:15:23 2672 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
    2010-10-28 18:15:17 88 --sh--r- c:\docume~1\alluse~1\applic~1\03BEF1D2A8.sys
    2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

    ============= FINISH: 21:12:59.14 ===============
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Thank you. The correct time setting should make the system work better.

    It appears you have another language on the system- is that correct? I was going to ask you about this process:
    I see the entry in the log but attempt to identify only gives non-English sites.

    I am setting up some script for you to run to remove some entries. While I am doing that, please run the 2 following scans:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ==============================================
    Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
      ========================================
      Download Combofix from one of these locations and save to your desktop:

      Link 1
      Link 2
      • Double click combofix.exe & follow the prompts.
      • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
      • Query- Recovery Console image
      • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      • Click on Yes, to continue scanning for malware
      • If Combofix asks you to update the program, allow
      • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Close any open browsers.
      • Double click combofix.exe & follow the prompts to run.
      • When the scan completes it will open a text window. Please paste that log in your next reply.
      Notes:
      1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
      2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
      3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
      4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
     
  8. cymikey10

    cymikey10 TS Rookie Topic Starter

    Hi,
    I have no knowledge of another language on the system; that seems very unusual to me. The gmirea.exe is sending Norton anti-virus into overdrive with constant attempts to block it.
    Anyways, I will now run the scans and reply as soon as possible.
    Thanks
    Michael
     
  9. cymikey10

    cymikey10 TS Rookie Topic Starter

    The ESET scan log >>>>>

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    esets_scanner_update returned -1 esets_gle=1
    esets_scanner_update returned -1 esets_gle=41217
    esets_scanner_update returned -1 esets_gle=41217
    esets_scanner_update returned -1 esets_gle=1
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6415
    # api_version=3.0.2
    # EOSSerial=aeca6894733d204eab5436c8d88f2e6f
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-12-11 07:01:18
    # local_time=2010-12-11 07:01:18 (+0000, GMT Standard Time)
    # country="United Kingdom"
    # lang=9
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=3589 16777174 100 100 2678554 27991920 0 0
    # compatibility_mode=8192 67108863 100 0 2641783 2641783 0 0
    # scanned=87162
    # found=3
    # cleaned=0
    # scan_time=19567

    C:\System Volume Information\_restore{3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP197\A0038260.exe Win32/PrimeCasino application (unable to clean) 00000000000000000000000000000000 I
    C:\WINDOWS\Gmirea.exe Win32/TrojanDownloader.FakeAlert.AQI trojan (unable to clean) 00000000000000000000000000000000 I
    ${Memory} Win32/TrojanDownloader.FakeAlert.AQI trojan 00000000000000000000000000000000 I

    Combofix on its way asap.
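
An added example, not part of the original thread and not code from DDS or ESET: a small triage script that parses the `uRun`/`mRun`/`dRun` autorun lines of a DDS log and correlates each launch target with the detection lines of an ESET Online Scanner log. The input excerpts are copied from the logs posted above; the two heuristics (a machine-generated-looking Run value name, an executable sitting directly in `c:\windows`) are assumptions chosen for illustration.

```python
import ntpath
import re

# Excerpts copied from the DDS and ESET logs posted in this thread.
DDS_EXCERPT = r"""
uRun: [Shareaza] "c:\program files\shareaza\Shareaza.exe" -tray
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [OW1T3CYG7T] c:\windows\Gmirea.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
"""

ESET_EXCERPT = r"""
# found=3
C:\System Volume Information\_restore{3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP197\A0038260.exe Win32/PrimeCasino application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\Gmirea.exe Win32/TrojanDownloader.FakeAlert.AQI trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} Win32/TrojanDownloader.FakeAlert.AQI trojan 00000000000000000000000000000000 I
"""

RUN_RE = re.compile(r'^(?P<hive>[umd]Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# ESET detection line: <object> <Platform/ThreatName> <kind> ...
ESET_RE = re.compile(r'^(?P<path>.+?)\s+(?P<threat>\S+/\S+)\s+(?P<kind>\w+)\b')
EXE_RE = re.compile(r'(.+?\.(?:exe|scr|com|bat))(?=\s|$)', re.I)


def normalize(path):
    """Case-fold and normalise a Windows path so both logs compare equal."""
    return ntpath.normcase(ntpath.normpath(path))


def target_of(cmd):
    """Extract the launched executable from a Run command line."""
    if cmd.startswith('"'):                      # quoted path, arguments follow
        path = cmd[1:].split('"', 1)[0]
    else:
        m = EXE_RE.match(cmd)                    # unquoted path may contain spaces
        path = m.group(1) if m else cmd.split()[0]
    return normalize(path)


def parse_eset(text):
    """Map normalised object path -> threat name from ESET detection lines."""
    detections = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):     # skip blanks and header fields
            continue
        m = ESET_RE.match(line)
        if m:
            detections[normalize(m['path'])] = m['threat']
    return detections


def looks_random(name):
    """Assumed heuristic: 8+ upper-case alphanumerics mixing letters and digits."""
    return (bool(re.fullmatch(r'[A-Z0-9]{8,}', name))
            and any(c.isdigit() for c in name)
            and any(c.isalpha() for c in name))


def triage(dds_text, eset_text):
    """Return autorun entries that deserve a closer look, with the reasons."""
    detections = parse_eset(eset_text)
    findings = []
    for line in dds_text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        target = target_of(m['cmd'])
        reasons = []
        if target in detections:
            reasons.append(f"scanner detection: {detections[target]}")
        if ntpath.dirname(target) == r"c:\windows":
            reasons.append("executable sits directly in the Windows directory")
        if looks_random(m['name']):
            reasons.append("Run value name looks machine-generated")
        if reasons:
            findings.append({"hive": m['hive'], "name": m['name'],
                             "target": target, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(DDS_EXCERPT, ESET_EXCERPT):
        print(f"{f['hive']} [{f['name']}] -> {f['target']}")
        for reason in f["reasons"]:
            print(f"    - {reason}")
```

Only the scanner correlation is evidence; the two heuristics merely prioritise which autorun entries to examine first.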
     
  10. cymikey10

    cymikey10 TS Rookie Topic Starter

    combofix log >>>>

    ComboFix 10-12-10.01 - michael 11/12/2010 14:15:35.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.446.142 [GMT 0:00]
    Running from: c:\documents and settings\michael\Desktop\ComboFix.exe
    AV: Norton 360 Premier Edition *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 Premier Edition *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .

    ((((((((((((((((((((((((( Files Created from 2010-11-11 to 2010-12-11 )))))))))))))))))))))))))))))))
    .

    2012-04-12 08:59 . 2012-04-12 09:37 -------- d-----w- C:\Mum n Dads Laptop Files
    2012-03-15 20:28 . 2012-03-15 20:28 -------- d--h--w- c:\documents and settings\michael\Local Settings\Application Data\Help
    2012-03-15 20:25 . 2012-03-15 20:25 5248 ----a-w- c:\windows\system32\giveio.sys
    2012-03-15 20:22 . 2012-03-15 20:32 -------- d-----w- c:\program files\SSC Service Utility
    2012-03-11 16:37 . 2012-03-11 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\MGS
    2012-03-03 14:48 . 2012-03-03 14:48 -------- d--h--w- c:\documents and settings\michael\Local Settings\Application Data\Scansoft
    2012-02-26 20:25 . 2012-02-26 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
    2012-02-26 20:24 . 2012-02-26 20:24 -------- d--h--w- c:\documents and settings\michael\Application Data\Nuance
    2012-02-26 19:59 . 2012-02-26 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance
    2012-02-26 19:59 . 2010-07-16 18:59 -------- d-----w- c:\windows\speech
    2012-02-21 22:16 . 2012-02-21 22:16 -------- d--h--w- c:\documents and settings\michael\Local Settings\Application Data\WinAVI
    2012-02-21 22:16 . 2012-02-27 16:36 -------- d-----w- c:\program files\WinAVI Video Converter
    2010-12-11 14:01 . 2010-12-11 14:01 -------- d-----w- c:\documents and settings\michael\Local Settings\Application Data\Symantec
    2010-12-10 22:09 . 2010-12-11 00:03 -------- d--h--w- c:\documents and settings\michael\Local Settings\Application Data\Corel
    2010-12-10 20:53 . 2010-12-10 20:58 -------- d--h--w- c:\documents and settings\michael\Local Settings\Application Data\Ahead
    2010-12-10 20:46 . 2010-12-10 21:02 -------- d--h--w- c:\documents and settings\michael\Application Data\Ahead
    2010-12-10 20:45 . 2010-12-10 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
    2010-12-10 20:40 . 2010-12-10 20:43 -------- d-----w- c:\program files\Common Files\Ahead
    2010-12-10 20:40 . 2010-12-10 20:40 -------- d-----w- c:\program files\Nero
    2010-12-10 19:23 . 2010-12-10 19:25 -------- d-----w- C:\cf879e36f8bf4533509e6ebb38882192
    2010-12-10 17:23 . 2009-09-04 17:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
    2010-12-10 17:23 . 2009-09-04 17:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2010-12-10 17:22 . 2008-10-15 06:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
    2010-12-10 17:22 . 2010-12-10 17:22 -------- d-----w- c:\windows\Logs
    2010-12-10 13:15 . 2010-04-12 03:01 47616 ----a-r- c:\windows\system32\LGScsiCommandService.exe
    2010-12-10 13:15 . 2009-09-23 07:05 24576 ----a-r- c:\windows\system32\SendScsiCmd.dll
    2010-12-09 13:21 . 2010-12-09 13:21 -------- d--h--w- c:\documents and settings\michael\Application Data\myriaCrossConv
    2010-12-09 13:21 . 2010-12-09 13:22 -------- d-----w- c:\program files\myriaCrossConv
    2010-12-09 13:12 . 2010-12-09 13:40 -------- d-----w- c:\program files\WinStitch Demo Version

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-09 13:23 . 2010-11-09 13:23 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-11-09 13:23 . 2010-11-09 13:23 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-11-09 13:22 . 2010-11-09 15:26 217136 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symtdi.sys
    2010-11-09 13:22 . 2010-11-09 15:26 89904 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symfw.sys
    2010-11-09 13:22 . 2010-11-09 15:26 48688 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symndisv.sys
    2010-11-09 13:22 . 2010-11-09 15:26 36400 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symndis.sys
    2010-11-09 13:22 . 2010-11-09 15:26 33072 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symids.sys
    2010-11-09 13:22 . 2010-11-09 15:26 310320 ----a-w- c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys
    2010-11-09 13:22 . 2010-11-09 13:24 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
    2010-11-09 13:22 . 2010-11-09 15:25 43696 ----a-w- c:\windows\system32\drivers\N360\0308000.029\srtspx.sys
    2010-11-09 13:22 . 2010-11-09 15:25 308272 ----a-w- c:\windows\system32\drivers\N360\0308000.029\srtsp.sys
    2010-11-09 13:22 . 2010-11-09 15:25 482432 ----a-w- c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys
    2010-11-09 13:22 . 2010-11-09 15:25 259632 ----a-w- c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys
    2010-11-09 13:22 . 2010-11-09 13:25 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-11-09 13:21 . 2010-11-09 13:25 107368 ----a-r- c:\windows\system32\GEARAspi.dll
    2010-11-07 15:06 . 2010-11-07 15:06 186880 ----a-w- c:\windows\Gmirea.exe
    2010-10-28 18:15 . 2010-07-13 15:37 2672 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2010-10-28 18:15 . 2010-07-13 15:37 88 --sh--r- c:\documents and settings\All Users\Application Data\03BEF1D2A8.sys
    2010-10-03 22:43 . 2010-10-03 22:43 59240 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2010-09-18 11:23 . 2009-05-19 09:23 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2009-05-19 09:23 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2009-05-19 09:23 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2009-05-19 09:23 953856 ----a-w- c:\windows\system32\mfc40u.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-11-09_23.00.02 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-12 00:02 . 2009-07-12 00:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
    + 2009-07-12 00:02 . 2009-07-12 00:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
    + 2009-07-12 00:02 . 2009-07-12 00:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
    + 2009-07-12 00:02 . 2009-07-12 00:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
    + 2009-07-12 00:02 . 2009-07-12 00:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
    + 2009-07-12 00:02 . 2009-07-12 00:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
    + 2009-07-12 00:02 . 2009-07-12 00:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
    + 2009-07-12 00:02 . 2009-07-12 00:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
    + 2009-07-12 00:02 . 2009-07-12 00:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
    + 2009-07-12 00:02 . 2009-07-12 00:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
    + 2009-07-12 00:02 . 2009-07-12 00:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
    + 2009-07-12 00:02 . 2009-07-12 00:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
    + 2009-07-12 00:05 . 2009-07-12 00:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
    + 2009-07-12 00:05 . 2009-07-12 00:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
    + 2010-06-11 10:17 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
    - 2010-06-11 10:17 . 2010-02-22 14:23 17272 c:\windows\system32\spmsg.dll
    + 2005-12-05 11:41 . 2010-12-11 06:08 71482 c:\windows\system32\perfc009.dat
    + 2007-05-16 09:18 . 2007-05-16 09:18 95864 c:\windows\system32\NeroCo.dll
    + 2005-12-05 11:41 . 2008-05-19 06:33 18944 c:\windows\system32\msisip.dll
    + 2005-12-05 11:41 . 2008-05-19 01:57 95744 c:\windows\system32\msiexec.exe
    + 2007-07-03 19:10 . 2007-07-03 19:10 11304 c:\windows\system32\drivers\imagedrv.sys
    + 2008-05-19 06:33 . 2008-05-19 06:33 18944 c:\windows\system32\dllcache\msisip.dll
    + 2008-05-19 01:57 . 2008-05-19 01:57 95744 c:\windows\system32\dllcache\msiexec.exe
    + 2010-04-07 23:57 . 2010-04-07 23:57 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
    - 2010-04-07 22:48 . 2010-04-07 22:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
    + 2010-04-07 23:57 . 2010-04-07 23:57 17256 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
    + 2010-12-10 20:44 . 2010-12-10 20:44 25214 c:\windows\Installer\{CF097717-F174-4144-954A-FBC4BF301033}\ARPPRODUCTICON.exe
    + 2010-12-09 13:13 . 2010-12-09 13:13 22486 c:\windows\Installer\{A4F323A5-B6CA-4BA5-8C49-29D4AAD0EC9D}\ext.exe
    + 2010-12-10 19:46 . 2010-12-10 19:46 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\45fe90943708016ccfe56c98c1778a9e\UIAutomationProvider.ni.dll
    + 2010-12-10 20:24 . 2010-12-10 20:24 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\84745fd77ba5b3ca8837297f5258951b\System.Windows.Presentation.ni.dll
    + 2010-12-10 19:43 . 2010-12-10 19:43 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\5c39259018bf82fbaab6a6a8962ce7ad\PresentationFontCache.ni.exe
    + 2010-12-10 19:42 . 2010-12-10 19:42 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\b69dfbadf2bd9c5315f7e44d0ce5f48a\PresentationCFFRasterizer.ni.dll
    - 2010-09-08 02:04 . 2010-09-08 02:04 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2010-12-11 05:55 . 2010-12-11 05:55 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2010-05-14 02:14 . 2010-05-14 02:14 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
    + 2010-12-10 19:26 . 2010-12-10 19:26 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
    + 2010-12-11 05:55 . 2010-12-11 05:55 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2010-09-08 02:04 . 2010-09-08 02:04 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2010-12-11 05:59 . 2010-12-11 05:59 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    - 2010-09-08 02:05 . 2010-09-08 02:05 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    - 2010-09-08 02:04 . 2010-09-08 02:04 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2010-12-11 05:56 . 2010-12-11 05:56 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2010-12-11 06:00 . 2010-12-11 06:00 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2010-09-08 02:04 . 2010-09-08 02:04 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2010-12-11 06:00 . 2010-12-11 06:00 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2010-09-08 02:04 . 2010-09-08 02:04 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2010-09-08 02:05 . 2010-09-08 02:05 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2010-12-11 06:00 . 2010-12-11 06:00 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    - 2010-09-08 02:04 . 2010-09-08 02:04 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2010-12-11 06:00 . 2010-12-11 06:00 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2010-12-11 05:59 . 2010-12-11 05:59 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2010-09-08 02:04 . 2010-09-08 02:04 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2010-09-08 02:04 . 2010-09-08 02:04 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2010-12-11 05:56 . 2010-12-11 05:56 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2010-09-08 02:04 . 2010-09-08 02:04 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2010-12-11 05:58 . 2010-12-11 05:58 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    - 2010-09-08 02:04 . 2010-09-08 02:04 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2010-12-11 06:00 . 2010-12-11 06:00 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2010-12-11 05:55 . 2010-12-11 05:55 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2010-09-08 02:04 . 2010-09-08 02:04 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2010-09-08 02:04 . 2010-09-08 02:04 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2010-12-11 06:00 . 2010-12-11 06:00 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2005-12-05 11:41 . 2008-04-17 01:43 2560 c:\windows\system32\msimsg.dll
    - 2010-03-01 09:01 . 2010-10-28 18:27 2620 c:\windows\system32\KGyGaAvL.sys
    + 2010-03-01 09:01 . 2010-12-11 00:02 2620 c:\windows\system32\KGyGaAvL.sys
    + 2008-04-17 01:43 . 2008-04-17 01:43 2560 c:\windows\system32\dllcache\msimsg.dll
    + 2010-12-11 05:56 . 2010-12-11 05:56 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2010-09-08 02:04 . 2010-09-08 02:04 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2010-12-11 05:58 . 2010-12-11 05:58 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2010-09-08 02:05 . 2010-09-08 02:05 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2010-09-08 02:04 . 2010-09-08 02:04 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2010-12-11 05:59 . 2010-12-11 05:59 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    - 2010-09-08 02:04 . 2010-09-08 02:04 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2010-12-11 06:00 . 2010-12-11 06:00 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    - 2010-09-08 02:04 . 2010-09-08 02:04 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2010-12-11 05:57 . 2010-12-11 05:57 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2005-07-08 1953887]
    "Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2010-02-06 4853760]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
    "Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2009-12-30 523408]
    "OW1T3CYG7T"="c:\windows\Gmirea.exe" [2010-11-07 186880]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
    "SoundMan"="SOUNDMAN.EXE" [2005-08-17 90112]
    "VTTimer"="VTTimer.exe" [2005-03-07 53248]
    "VTTrayp"="VTtrayp.exe" [2005-10-31 163840]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
    "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "AOL_Demo"="c:\applications\Tool\AOL Demo\DSGDemo.exe" [2005-12-01 177178]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "SerialNumber"="A109A-K13-3ZXD-BAP5-TE"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [03/10/2010 22:43 59240]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [09/11/2010 15:26 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [09/11/2010 15:25 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [09/11/2010 15:25 482432]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101208.001\IDSXpx86.sys [10/11/2010 05:34 341944]
    R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [07/03/2010 11:11 390528]
    R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [03/10/2010 22:54 34792]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 22:43 169320]
    R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [10/12/2010 13:15 47616]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [03/10/2010 22:43 767208]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [09/12/2010 15:30 102448]
    R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [07/08/2003 16:42 6528]
    S2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe [09/11/2010 15:24 117640]
    S3 EraserUtilDrv10910;EraserUtilDrv10910;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [?]
    S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25/02/2010 09:47 721904]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-11 c:\windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    - c:\windows\Gmirea.exe [2010-11-07 15:06]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    IE: Download with &Shareaza - c:\program files\shareaza\razawebhook32.dll/3000
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-11 14:41
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3296923419-416603358-497765969-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DA0DB758-EF64-6991-E085-D0FCE315193A}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "jadihbnhefjddgapgnpp"=hex:6b,61,66,6b,61,62,6f,64,6a,69,67,62,65,68,6f,64,70,
    67,6e,6e,65,6a,00,00
    "iajebdmfkcagbiijok"=hex:6b,61,66,6b,61,62,6f,64,6a,69,67,62,65,68,6f,64,70,67,
    6e,6e,65,6a,00,7c
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(14696)
    c:\windows\system32\WININET.dll
    c:\program files\Trusteer\Rapport\bin\rooksbas.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\program files\Windows Media Player\wmpband.dll
    c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
    c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
    c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-12-11 15:23:47
    ComboFix-quarantined-files.txt 2010-12-11 15:23
    ComboFix2.txt 2010-11-09 23:25

    Pre-Run: 20,399,464,448 bytes free
    Post-Run: 22,940,008,448 bytes free

    - - End Of File - - 704B1EB8A4462D9988D7FF38DD6B1B50
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    It looks like you got the Fake Alert Trojan Downloader on 11/07/2010. It is also in the scheduled tasks folder. You did a torrent download of a program named XSPPlat. Whether it was the program or the site where you did the download, please understand that you infected the system doing file sharing. And the malware has been reporting on you since 11/07/2010, with connections to the internet. I don't know how much damage it's done or what information of yours might have been taken. But I would consider the system compromised and advise you to reformat and reinstall.
    ============================================
    P2P or 'file sharing' Warning:
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
    • Malware writers use these programs to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.

    Please read the information on P2P Warning to help you better understand these dangers.
    =======================================
    You can remove the present entries, but since it's in memory, you can expect it back.
    ========================================
    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Processes	
      :Files 
      C:\WINDOWS\Gmirea.exe 
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    =====================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: [Be sure to scroll down to include ALL lines.]
    Code:
    File::
    c:\windows\Gmirea.exe
    Folder::
    c:\program files\XSPPlat
    c:\documents and settings\michael\Application Data\iktsoft
    
    DDS:: 
    uRun: [OW1T3CYG7T] c:\windows\Gmirea.exe
    mRun: [AOL_Demo] c:\applications\tool\aol demo\DSGDemo.exe
    
    RegNull::
    [HKEY_USERS\S-1-5-21-3296923419-416603358-497765969-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DA0DB758-EF64-6991-E085-D0FCE315193A}*]
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OW1T3CYG7T"=-
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Control Panel> Scheduled Tasks> Remove from here:
    c:\windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    - c:\windows\Gmirea.exe [2010-11-07 15:06]
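
The cross-check described in the post above (the same executable in a Run value and in the Scheduled Tasks folder) can be automated over a ComboFix log. This is an added example, not part of the original post or of ComboFix; the sample is an excerpt of the log lines quoted on this page, and the function names and the three heuristics are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Excerpt of the ComboFix log quoted earlier on this page.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2010-02-06 4853760]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
"OW1T3CYG7T"="c:\windows\Gmirea.exe" [2010-11-07 186880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 90112]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
Contents of the 'Scheduled Tasks' folder

2010-12-11 c:\windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
- c:\windows\Gmirea.exe [2010-11-07 15:06]
.
'''

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2}) \d+\]$')
JOB_RE = re.compile(r'^\d{4}-\d{2}-\d{2}\s+(.+\.job)$', re.I)
TARGET_RE = re.compile(r'^-\s+(.+?)\s+\[[^\]]*\]$')
# Assumed heuristic: long, all-caps alphanumeric value names with digits mixed in.
RANDOM_NAME_RE = re.compile(r'[A-Z0-9]{8,}')


def parse_run_entries(log):
    """Return the values listed under ...\\CurrentVersion\\Run keys only."""
    entries, key = [], None
    for raw in log.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            is_run = m.group(1).lower().endswith(r'\currentversion\run')
            key = m.group(1) if is_run else None
            continue
        m = RUN_VALUE_RE.match(line)
        if key and m:
            entries.append({'key': key, 'name': m.group(1),
                            'path': m.group(2).lower(), 'date': m.group(3)})
    return entries


def parse_scheduled_tasks(log):
    """Return job file / target pairs from the 'Scheduled Tasks' section."""
    tasks, job, in_section = [], None, False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("Contents of the 'Scheduled Tasks' folder"):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith('-------'):  # header of the next log section
            break
        m = JOB_RE.match(line)
        if m:
            job = m.group(1)
            continue
        m = TARGET_RE.match(line)
        if m and job:
            tasks.append({'job': job, 'path': m.group(1).lower()})
    return tasks


def review_autostarts(log):
    """Map each suspicious Run target to the reasons it was flagged."""
    findings = defaultdict(list)
    task_paths = {t['path'] for t in parse_scheduled_tasks(log)}
    for entry in parse_run_entries(log):
        path, name = entry['path'], entry['name']
        if path in task_paths:
            findings[path].append('also launched by a scheduled task')
        in_windir = re.fullmatch(r'c:\\windows\\[^\\]+\.exe', path)
        if in_windir and entry['key'].upper().startswith('HKEY_CURRENT_USER'):
            findings[path].append('per-user Run value pointing into the Windows directory')
        stem = path.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
        digits = sum(c.isdigit() for c in name)
        if RANDOM_NAME_RE.fullmatch(name) and digits >= 2 and name.lower() != stem:
            findings[path].append('value name %r looks machine-generated' % name)
    return dict(findings)


if __name__ == '__main__':
    for target, reasons in review_autostarts(SAMPLE_LOG).items():
        print(target)
        for reason in reasons:
            print('  -', reason)
```

A hit from this script is a lead for manual review, not a verdict; legitimate software can trip any single heuristic.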
     
  12. cymikey10

    cymikey10 TS Rookie Topic Starter

    Hi there,
    I ran OTMoveIt and the log is below, but I have had some problems with the ComboFix script.
    I copied and pasted the script and followed your instructions, and when I dropped the txt file into ComboFix many pop-ups came up saying the file path may be wrong or I do not have permission to open it (or along those lines). When I clicked OK to them all (around 10 of them), ComboFix went through its usual scans, then my computer screen refreshed but didn't load Explorer back up. I left this screen with just my background image on for an hour or so to make sure ComboFix wasn't running in the background, then opened Task Manager to check the current processes. I tried to run Explorer but it told me there weren't enough resources to run this. I eventually restarted my computer through Task Manager normally and checked c:/combofix.txt to find the only combofix file has the My Computer icon with c:\ drive inside it when I open it. The computer itself seems to be running normally so far, but I don't want to try running ComboFix again or removing Gmirea.exe from the scheduled tasks until I get some advice from you.
    Thanks

    OTMovit log >>>>

    All processes killed
    ========== PROCESSES ==========
    ========== FILES ==========
    C:\WINDOWS\Gmirea.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: michael
    ->Temp folder emptied: 1334857 bytes
    ->Temporary Internet Files folder emptied: 10626328 bytes
    ->Flash cache emptied: 1993344 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 555520 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 132146 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 65712312 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 77.00 mb


    OTM by OldTimer - Version 3.1.17.2 log created on 12122010_213605

    Files moved on Reboot...
    File C:\WINDOWS\temp\JETC166.tmp not found!
    C:\WINDOWS\temp\Perflib_Perfdata_5f8.dat moved successfully.

    Registry entries deleted on Reboot...
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please try running the script in Combofix again. There are entries that need to be removed.

    Keep in mind:
     
  14. cymikey10

    cymikey10 TS Rookie Topic Starter

    Thanks, I've run combofix without any issues this time and here is the log >>>>

    ComboFix 10-12-12.03 - michael 13/12/2010 12:31:57.4.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.446.88 [GMT 0:00]
    Running from: c:\documents and settings\michael\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\michael\Desktop\CFScript.txt
    AV: Norton 360 Premier Edition *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 Premier Edition *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    FILE ::
    "c:\windows\Gmirea.exe"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\michael\Application Data\iktsoft
    c:\program files\XSPPlat
    c:\program files\XSPPlat\system\EVEN22.BMP
    c:\program files\XSPPlat\system\EVEN24.BMP
    c:\program files\XSPPlat\system\EVEN4.BMP
    c:\program files\XSPPlat\system\EVEN6.BMP
    c:\program files\XSPPlat\system\EVEN8.BMP
    c:\program files\XSPPlat\system\EVENR10.BMP
    c:\program files\XSPPlat\system\EVENR12.BMP
    c:\program files\XSPPlat\system\EVENR14.BMP
    c:\program files\XSPPlat\system\EVENR16.BMP
    c:\program files\XSPPlat\system\EVENR18.BMP
    c:\program files\XSPPlat\system\EVENR2.BMP
    c:\program files\XSPPlat\system\EVENR20.BMP
    c:\program files\XSPPlat\system\EVENR22.BMP
    c:\program files\XSPPlat\system\EVENR24.BMP
    c:\program files\XSPPlat\system\EVENR4.BMP
    c:\program files\XSPPlat\system\EVENR6.BMP
    c:\program files\XSPPlat\system\EVENR8.BMP
    c:\program files\XSPPlat\system\EVENRS10.BMP
    c:\program files\XSPPlat\system\EVENRS12.BMP
    c:\program files\XSPPlat\system\EVENRS14.BMP
    c:\program files\XSPPlat\system\EVENRS16.BMP
    c:\program files\XSPPlat\system\EVENRS18.BMP
    c:\program files\XSPPlat\system\EVENRS2.BMP
    c:\program files\XSPPlat\system\EVENRS20.BMP
    c:\program files\XSPPlat\system\EVENRS22.BMP
    c:\program files\XSPPlat\system\EVENRS24.BMP
    c:\program files\XSPPlat\system\EVENRS4.BMP
    c:\program files\XSPPlat\system\EVENRS6.BMP
    c:\program files\XSPPlat\system\EVENRS8.BMP
    c:\program files\XSPPlat\system\F0.WMF
    c:\program files\XSPPlat\system\F0Z10.BMP
    c:\program files\XSPPlat\system\F0Z12.BMP
    c:\program files\XSPPlat\system\F0Z14.BMP
    c:\program files\XSPPlat\system\F0Z16.BMP
    c:\program files\XSPPlat\system\F0Z18.BMP
    c:\program files\XSPPlat\system\F0Z2.BMP
    c:\program files\XSPPlat\system\F0Z20.BMP
    c:\program files\XSPPlat\system\F0Z22.BMP
    c:\program files\XSPPlat\system\F0Z24.BMP
    c:\program files\XSPPlat\system\F0Z4.BMP
    c:\program files\XSPPlat\system\F0Z6.BMP
    c:\program files\XSPPlat\system\F0Z8.BMP
    c:\program files\XSPPlat\system\F1.WMF
    c:\program files\XSPPlat\system\F10Z10.BMP
    c:\program files\XSPPlat\system\F10Z12.BMP
    c:\program files\XSPPlat\system\F10Z14.BMP
    c:\program files\XSPPlat\system\F10Z16.BMP
    c:\program files\XSPPlat\system\F10Z18.BMP
    c:\program files\XSPPlat\system\F10Z2.BMP
    c:\program files\XSPPlat\system\F10Z20.BMP
    c:\program files\XSPPlat\system\F10Z22.BMP
    c:\program files\XSPPlat\system\F10Z24.BMP
    c:\program files\XSPPlat\system\F10Z4.BMP
    c:\program files\XSPPlat\system\F10Z6.BMP
    c:\program files\XSPPlat\system\F10Z8.BMP
    c:\program files\XSPPlat\system\F1Z10.BMP
    c:\program files\XSPPlat\system\F1Z12.BMP
    c:\program files\XSPPlat\system\F1Z14.BMP
    c:\program files\XSPPlat\system\F1Z16.BMP
    c:\program files\XSPPlat\system\F1Z18.BMP
    c:\program files\XSPPlat\system\F1Z2.BMP
    c:\program files\XSPPlat\system\F1Z20.BMP
    c:\program files\XSPPlat\system\F1Z22.BMP
    c:\program files\XSPPlat\system\F1Z24.BMP
    c:\program files\XSPPlat\system\F1Z4.BMP
    c:\program files\XSPPlat\system\F1Z6.BMP
    c:\program files\XSPPlat\system\F1Z8.BMP
    c:\program files\XSPPlat\system\F2.WMF
    c:\program files\XSPPlat\system\F2Z10.BMP
    c:\program files\XSPPlat\system\F2Z12.BMP
    c:\program files\XSPPlat\system\F2Z14.BMP
    c:\program files\XSPPlat\system\F2Z16.BMP
    c:\program files\XSPPlat\system\F2Z18.BMP
    c:\program files\XSPPlat\system\F2Z2.BMP
    c:\program files\XSPPlat\system\F2Z20.BMP
    c:\program files\XSPPlat\system\F2Z22.BMP
    c:\program files\XSPPlat\system\F2Z24.BMP
    c:\program files\XSPPlat\system\F2Z4.BMP
    c:\program files\XSPPlat\system\F2Z6.BMP
    c:\program files\XSPPlat\system\F2Z8.BMP
    c:\program files\XSPPlat\system\F3.WMF
    c:\program files\XSPPlat\system\F3Z10.BMP
    c:\program files\XSPPlat\system\F3Z12.BMP
    c:\program files\XSPPlat\system\F3Z14.BMP
    c:\program files\XSPPlat\system\F3Z16.BMP
    c:\program files\XSPPlat\system\F3Z18.BMP
    c:\program files\XSPPlat\system\F3Z2.BMP
    c:\program files\XSPPlat\system\F3Z20.BMP
    c:\program files\XSPPlat\system\F3Z22.BMP
    c:\program files\XSPPlat\system\F3Z24.BMP
    c:\program files\XSPPlat\system\F3Z4.BMP
    c:\program files\XSPPlat\system\F3Z6.BMP
    c:\program files\XSPPlat\system\F3Z8.BMP
    c:\program files\XSPPlat\system\F4.WMF
    c:\program files\XSPPlat\system\F4Z10.BMP
    c:\program files\XSPPlat\system\F4Z12.BMP
    c:\program files\XSPPlat\system\F4Z14.BMP
    c:\program files\XSPPlat\system\F4Z16.BMP
    c:\program files\XSPPlat\system\F4Z18.BMP
    c:\program files\XSPPlat\system\F4Z2.BMP
    c:\program files\XSPPlat\system\F4Z20.BMP
    c:\program files\XSPPlat\system\F4Z22.BMP
    c:\program files\XSPPlat\system\F4Z24.BMP
    c:\program files\XSPPlat\system\F4Z4.BMP
    c:\program files\XSPPlat\system\F4Z6.BMP
    c:\program files\XSPPlat\system\F4Z8.BMP
    c:\program files\XSPPlat\system\F5.WMF
    c:\program files\XSPPlat\system\F5Z10.BMP
    c:\program files\XSPPlat\system\F5Z12.BMP
    c:\program files\XSPPlat\system\F5Z14.BMP
    c:\program files\XSPPlat\system\F5Z16.BMP
    c:\program files\XSPPlat\system\F5Z18.BMP
    c:\program files\XSPPlat\system\F5Z2.BMP
    c:\program files\XSPPlat\system\F5Z20.BMP
    c:\program files\XSPPlat\system\F5Z22.BMP
    c:\program files\XSPPlat\system\F5Z24.BMP
    c:\program files\XSPPlat\system\F5Z4.BMP
    c:\program files\XSPPlat\system\F5Z6.BMP
    c:\program files\XSPPlat\system\F5Z8.BMP
    c:\program files\XSPPlat\system\F6.WMF
    c:\program files\XSPPlat\system\F6Z10.BMP
    c:\program files\XSPPlat\system\F6Z12.BMP
    c:\program files\XSPPlat\system\F6Z14.BMP
    c:\program files\XSPPlat\system\F6Z16.BMP
    c:\program files\XSPPlat\system\F6Z18.BMP
    c:\program files\XSPPlat\system\F6Z2.BMP
    c:\program files\XSPPlat\system\F6Z20.BMP
    c:\program files\XSPPlat\system\F6Z22.BMP
    c:\program files\XSPPlat\system\F6Z24.BMP
    c:\program files\XSPPlat\system\F6Z4.BMP
    c:\program files\XSPPlat\system\F6Z6.BMP
    c:\program files\XSPPlat\system\F6Z8.BMP
    c:\program files\XSPPlat\system\F7.WMF
    c:\program files\XSPPlat\system\F7Z10.BMP
    c:\program files\XSPPlat\system\F7Z12.BMP
    c:\program files\XSPPlat\system\F7Z14.BMP
    c:\program files\XSPPlat\system\F7Z16.BMP
    c:\program files\XSPPlat\system\F7Z18.BMP
    c:\program files\XSPPlat\system\F7Z2.BMP
    c:\program files\XSPPlat\system\F7Z20.BMP
    c:\program files\XSPPlat\system\F7Z22.BMP
    c:\program files\XSPPlat\system\F7Z24.BMP
    c:\program files\XSPPlat\system\F7Z4.BMP
    c:\program files\XSPPlat\system\F7Z6.BMP
    c:\program files\XSPPlat\system\F7Z8.BMP
    c:\program files\XSPPlat\system\F8.WMF
    c:\program files\XSPPlat\system\F8Z10.BMP
    c:\program files\XSPPlat\system\F8Z12.BMP
    c:\program files\XSPPlat\system\F8Z14.BMP
    c:\program files\XSPPlat\system\F8Z16.BMP
    c:\program files\XSPPlat\system\F8Z18.BMP
    c:\program files\XSPPlat\system\F8Z2.BMP
    c:\program files\XSPPlat\system\F8Z20.BMP
    c:\program files\XSPPlat\system\F8Z22.BMP
    c:\program files\XSPPlat\system\F8Z24.BMP
    c:\program files\XSPPlat\system\F8Z4.BMP
    c:\program files\XSPPlat\system\F8Z6.BMP
    c:\program files\XSPPlat\system\F8Z8.BMP
    c:\program files\XSPPlat\system\F9.WMF
    c:\program files\XSPPlat\system\F9Z10.BMP
    c:\program files\XSPPlat\system\F9Z12.BMP
    c:\program files\XSPPlat\system\F9Z14.BMP
    c:\program files\XSPPlat\system\F9Z16.BMP
    c:\program files\XSPPlat\system\F9Z18.BMP
    c:\program files\XSPPlat\system\F9Z2.BMP
    c:\program files\XSPPlat\system\F9Z20.BMP
    c:\program files\XSPPlat\system\F9Z22.BMP
    c:\program files\XSPPlat\system\F9Z24.BMP
    c:\program files\XSPPlat\system\F9Z4.BMP
    c:\program files\XSPPlat\system\F9Z6.BMP
    c:\program files\XSPPlat\system\F9Z8.BMP
    c:\program files\XSPPlat\system\Fs10z10.bmp
    c:\program files\XSPPlat\system\Fs10z12.bmp
    c:\program files\XSPPlat\system\Fs10z14.bmp
    c:\program files\XSPPlat\system\Fs10z16.bmp
    c:\program files\XSPPlat\system\Fs10z18.bmp
    c:\program files\XSPPlat\system\Fs10z2.bmp
    c:\program files\XSPPlat\system\Fs10z20.bmp
    c:\program files\XSPPlat\system\Fs10z22.bmp
    c:\program files\XSPPlat\system\Fs10z24.bmp
    c:\program files\XSPPlat\system\Fs10z4.bmp
    c:\program files\XSPPlat\system\Fs10z6.bmp
    c:\program files\XSPPlat\system\Fs10z8.bmp
    c:\program files\XSPPlat\system\Fs9z10.bmp
    c:\program files\XSPPlat\system\Fs9z12.bmp
    c:\program files\XSPPlat\system\Fs9z14.bmp
    c:\program files\XSPPlat\system\Fs9z16.bmp
    c:\program files\XSPPlat\system\Fs9z18.bmp
    c:\program files\XSPPlat\system\Fs9z2.bmp
    c:\program files\XSPPlat\system\Fs9z20.bmp
    c:\program files\XSPPlat\system\Fs9z22.bmp
    c:\program files\XSPPlat\system\Fs9z24.bmp
    c:\program files\XSPPlat\system\Fs9z4.bmp
    c:\program files\XSPPlat\system\Fs9z6.bmp
    c:\program files\XSPPlat\system\Fs9z8.bmp
    c:\program files\XSPPlat\system\hlpindex_en.txt
    c:\program files\XSPPlat\system\K10.BMP
    c:\program files\XSPPlat\system\K12.BMP
    c:\program files\XSPPlat\system\K14.BMP
    c:\program files\XSPPlat\system\K16.BMP
    c:\program files\XSPPlat\system\K18.BMP
    c:\program files\XSPPlat\system\K2.BMP
    c:\program files\XSPPlat\system\K20.BMP
    c:\program files\XSPPlat\system\K22.BMP
    c:\program files\XSPPlat\system\K24.BMP
    c:\program files\XSPPlat\system\K4.BMP
    c:\program files\XSPPlat\system\K6.BMP
    c:\program files\XSPPlat\system\K8.BMP
    c:\program files\XSPPlat\system\KB10.BMP
    c:\program files\XSPPlat\system\KB12.BMP
    c:\program files\XSPPlat\system\KB14.BMP
    c:\program files\XSPPlat\system\KB16.BMP
    c:\program files\XSPPlat\system\KB18.BMP
    c:\program files\XSPPlat\system\KB2.BMP
    c:\program files\XSPPlat\system\KB20.BMP
    c:\program files\XSPPlat\system\KB22.BMP
    c:\program files\XSPPlat\system\KB24.BMP
    c:\program files\XSPPlat\system\KB4.BMP
    c:\program files\XSPPlat\system\KB6.BMP
    c:\program files\XSPPlat\system\KB8.BMP
    c:\program files\XSPPlat\system\PA10.BMP
    c:\program files\XSPPlat\system\PA12.BMP
    c:\program files\XSPPlat\system\PA14.BMP
    c:\program files\XSPPlat\system\PA16.BMP
    c:\program files\XSPPlat\system\PA18.BMP
    c:\program files\XSPPlat\system\PA2.BMP
    c:\program files\XSPPlat\system\PA20.BMP
    c:\program files\XSPPlat\system\PA22.BMP
    c:\program files\XSPPlat\system\PA24.BMP
    c:\program files\XSPPlat\system\PA4.BMP
    c:\program files\XSPPlat\system\PA6.BMP
    c:\program files\XSPPlat\system\PA8.BMP
    c:\program files\XSPPlat\system\PLAS10.BMP
    c:\program files\XSPPlat\system\PLAS12.BMP
    c:\program files\XSPPlat\system\PLAS14.BMP
    c:\program files\XSPPlat\system\PLAS16.BMP
    c:\program files\XSPPlat\system\PLAS18.BMP
    c:\program files\XSPPlat\system\PLAS2.BMP
    c:\program files\XSPPlat\system\PLAS20.BMP
    c:\program files\XSPPlat\system\PLAS22.BMP
    c:\program files\XSPPlat\system\PLAS24.BMP
    c:\program files\XSPPlat\system\PLAS4.BMP
    c:\program files\XSPPlat\system\PLAS6.BMP
    c:\program files\XSPPlat\system\PLAS8.BMP
    c:\program files\XSPPlat\system\PLASR10.BMP
    c:\program files\XSPPlat\system\PLASR12.BMP
    c:\program files\XSPPlat\system\PLASR14.BMP
    c:\program files\XSPPlat\system\PLASR16.BMP
    c:\program files\XSPPlat\system\PLASR18.BMP
    c:\program files\XSPPlat\system\PLASR2.BMP
    c:\program files\XSPPlat\system\PLASR20.BMP
    c:\program files\XSPPlat\system\PLASR22.BMP
    c:\program files\XSPPlat\system\PLASR24.BMP
    c:\program files\XSPPlat\system\PLASR4.BMP
    c:\program files\XSPPlat\system\PLASR6.BMP
    c:\program files\XSPPlat\system\PLASR8.BMP
    c:\program files\XSPPlat\system\PT10.BMP
    c:\program files\XSPPlat\system\PT12.BMP
    c:\program files\XSPPlat\system\PT14.BMP
    c:\program files\XSPPlat\system\PT16.BMP
    c:\program files\XSPPlat\system\PT18.BMP
    c:\program files\XSPPlat\system\PT2.BMP
    c:\program files\XSPPlat\system\PT20.BMP
    c:\program files\XSPPlat\system\PT22.BMP
    c:\program files\XSPPlat\system\PT24.BMP
    c:\program files\XSPPlat\system\PT4.BMP
    c:\program files\XSPPlat\system\PT6.BMP
    c:\program files\XSPPlat\system\PT8.BMP
    c:\program files\XSPPlat\system\PX10.BMP
    c:\program files\XSPPlat\system\PX12.BMP
    c:\program files\XSPPlat\system\PX14.BMP
    c:\program files\XSPPlat\system\PX16.BMP
    c:\program files\XSPPlat\system\PX18.BMP
    c:\program files\XSPPlat\system\PX2.BMP
    c:\program files\XSPPlat\system\PX20.BMP
    c:\program files\XSPPlat\system\PX22.BMP
    c:\program files\XSPPlat\system\PX24.BMP
    c:\program files\XSPPlat\system\PX4.BMP
    c:\program files\XSPPlat\system\PX6.BMP
    c:\program files\XSPPlat\system\PX8.BMP
    c:\program files\XSPPlat\system\RUG10.BMP
    c:\program files\XSPPlat\system\RUG12.BMP
    c:\program files\XSPPlat\system\RUG14.BMP
    c:\program files\XSPPlat\system\RUG16.BMP
    c:\program files\XSPPlat\system\RUG18.BMP
    c:\program files\XSPPlat\system\RUG2.BMP
    c:\program files\XSPPlat\system\RUG20.BMP
    c:\program files\XSPPlat\system\RUG22.BMP
    c:\program files\XSPPlat\system\RUG24.BMP
    c:\program files\XSPPlat\system\RUG4.BMP
    c:\program files\XSPPlat\system\RUG6.BMP
    c:\program files\XSPPlat\system\RUG8.BMP
    c:\program files\XSPPlat\system\RUGR10.BMP
    c:\program files\XSPPlat\system\RUGR12.BMP
    c:\program files\XSPPlat\system\RUGR14.BMP
    c:\program files\XSPPlat\system\RUGR16.BMP
    c:\program files\XSPPlat\system\RUGR18.BMP
    c:\program files\XSPPlat\system\RUGR2.BMP
    c:\program files\XSPPlat\system\RUGR20.BMP
    c:\program files\XSPPlat\system\RUGR22.BMP
    c:\program files\XSPPlat\system\RUGR24.BMP
    c:\program files\XSPPlat\system\RUGR4.BMP
    c:\program files\XSPPlat\system\RUGR6.BMP
    c:\program files\XSPPlat\system\RUGR8.BMP
    c:\program files\XSPPlat\system\SPLITH.BMP
    c:\program files\XSPPlat\system\SPLITV.BMP
    c:\program files\XSPPlat\system\SWEB.WMF
    c:\program files\XSPPlat\system\T10.BMP
    c:\program files\XSPPlat\system\T12.BMP
    c:\program files\XSPPlat\system\T14.BMP
    c:\program files\XSPPlat\system\T16.BMP
    c:\program files\XSPPlat\system\T18.BMP
    c:\program files\XSPPlat\system\T2.BMP
    c:\program files\XSPPlat\system\T20.BMP
    c:\program files\XSPPlat\system\T22.BMP
    c:\program files\XSPPlat\system\T24.BMP
    c:\program files\XSPPlat\system\T4.BMP
    c:\program files\XSPPlat\system\T6.BMP
    c:\program files\XSPPlat\system\T8.BMP
    c:\program files\XSPPlat\system\TAP10.BMP
    c:\program files\XSPPlat\system\TAP12.BMP
    c:\program files\XSPPlat\system\TAP14.BMP
    c:\program files\XSPPlat\system\TAP16.BMP
    c:\program files\XSPPlat\system\TAP18.BMP
    c:\program files\XSPPlat\system\TAP2.BMP
    c:\program files\XSPPlat\system\TAP20.BMP
    c:\program files\XSPPlat\system\TAP22.BMP
    c:\program files\XSPPlat\system\TAP24.BMP
    c:\program files\XSPPlat\system\TAP4.BMP
    c:\program files\XSPPlat\system\TAP6.BMP
    c:\program files\XSPPlat\system\TAP8.BMP
    c:\program files\XSPPlat\system\TAPR10.BMP
    c:\program files\XSPPlat\system\TAPR12.BMP
    c:\program files\XSPPlat\system\TAPR14.BMP
    c:\program files\XSPPlat\system\TAPR16.BMP
    c:\program files\XSPPlat\system\TAPR18.BMP
    c:\program files\XSPPlat\system\TAPR2.BMP
    c:\program files\XSPPlat\system\TAPR20.BMP
    c:\program files\XSPPlat\system\TAPR22.BMP
    c:\program files\XSPPlat\system\TAPR24.BMP
    c:\program files\XSPPlat\system\TAPR28.BMP
    c:\program files\XSPPlat\system\TAPR4.BMP
    c:\program files\XSPPlat\system\TAPR6.BMP
    c:\program files\XSPPlat\system\TAPR8.BMP
    c:\program files\XSPPlat\system\TARGET.WMF
    c:\program files\XSPPlat\system\TARGET2.WMF
    c:\program files\XSPPlat\system\X10.BMP
    c:\program files\XSPPlat\system\X12.BMP
    c:\program files\XSPPlat\system\X14.BMP
    c:\program files\XSPPlat\system\X16.BMP
    c:\program files\XSPPlat\system\X18.BMP
    c:\program files\XSPPlat\system\X2.BMP
    c:\program files\XSPPlat\system\X20.BMP
    c:\program files\XSPPlat\system\X22.BMP
    c:\program files\XSPPlat\system\X24.BMP
    c:\program files\XSPPlat\system\X4.BMP
    c:\program files\XSPPlat\system\X6.BMP
    c:\program files\XSPPlat\system\X8.BMP
    c:\program files\XSPPlat\Tapimatic Rug Wool.rng
    c:\program files\XSPPlat\templates\default.bak
    c:\program files\XSPPlat\templates\DEFAULT.RTF
    c:\program files\XSPPlat\templates\default.xsp
    c:\program files\XSPPlat\templates\DEFAULT2.RTF
    c:\program files\XSPPlat\templates\DISPLAY.TXT
    c:\program files\XSPPlat\templates\nostrands.RTF
    c:\program files\XSPPlat\templates\PRINT.TXT
    c:\program files\XSPPlat\templates\PUBKEY.RTF
    c:\program files\XSPPlat\templates\pubkey_2cols.RTF
    c:\program files\XSPPlat\templates\smallKEY.RTF
    c:\program files\XSPPlat\templates\strands.RTF
    c:\program files\XSPPlat\test.xsf
    c:\program files\XSPPlat\Trebla.rng
    c:\program files\XSPPlat\Turkey Rug.rng
    c:\program files\XSPPlat\TURKEY.RNG
    c:\program files\XSPPlat\Turtle.xsp
    c:\program files\XSPPlat\unins000.dat
    c:\program files\XSPPlat\unins000.exe
    c:\program files\XSPPlat\V and H.rng
    c:\program files\XSPPlat\VandH2003.rng
    c:\program files\XSPPlat\variegated_demo.rng
    c:\program files\XSPPlat\Venus.rng
    c:\program files\XSPPlat\Vital Link Metallic.rng
    c:\program files\XSPPlat\Vital Link Rayon.rng
    c:\program files\XSPPlat\xsp2003.cnt
    c:\program files\XSPPlat\xsp2003.hlp
    c:\program files\XSPPlat\xspplat.pdf
    c:\program files\XSPPlat\Xstitch.exe
    c:\program files\XSPPlat\Xstitch.mld
    c:\program files\XSPPlat\Xstitch.url

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-13 to 2010-12-13 )))))))))))))))))))))))))))))))
    .

    2012-04-12 08:59 . 2012-04-12 09:37 -------- d-----w- C:\Mum n Dads Laptop Files
    2012-03-15 20:28 . 2012-03-15 20:28 -------- d-----w- c:\documents and settings\michael\Local Settings\Application Data\Help
    2012-03-15 20:25 . 2012-03-15 20:25 5248 ----a-w- c:\windows\system32\giveio.sys
    2012-03-15 20:22 . 2012-03-15 20:32 -------- d-----w- c:\program files\SSC Service Utility
    2012-03-11 16:37 . 2012-03-11 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\MGS
    2012-03-03 14:48 . 2012-03-03 14:48 -------- d-----w- c:\documents and settings\michael\Local Settings\Application Data\Scansoft
    2012-02-26 20:25 . 2012-02-26 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
    2012-02-26 20:24 . 2012-02-26 20:24 -------- d-----w- c:\documents and settings\michael\Application Data\Nuance
    2012-02-26 19:59 . 2012-02-26 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance
    2012-02-26 19:59 . 2010-07-16 18:59 -------- d-----w- c:\windows\speech
    2012-02-21 22:16 . 2012-02-21 22:16 -------- d-----w- c:\documents and settings\michael\Local Settings\Application Data\WinAVI
    2012-02-21 22:16 . 2012-02-27 16:36 -------- d-----w- c:\program files\WinAVI Video Converter
    2010-12-12 21:36 . 2010-12-12 21:36 -------- d-----w- C:\_OTM
    2010-12-11 14:01 . 2010-12-11 14:01 -------- d-----w- c:\documents and settings\michael\Local Settings\Application Data\Symantec
    2010-12-10 22:09 . 2010-12-11 00:03 -------- d-----w- c:\documents and settings\michael\Local Settings\Application Data\Corel
    2010-12-10 20:53 . 2010-12-10 20:58 -------- d-----w- c:\documents and settings\michael\Local Settings\Application Data\Ahead
    2010-12-10 20:46 . 2010-12-10 21:02 -------- d-----w- c:\documents and settings\michael\Application Data\Ahead
    2010-12-10 20:45 . 2010-12-10 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
    2010-12-10 20:40 . 2010-12-10 20:43 -------- d-----w- c:\program files\Common Files\Ahead
    2010-12-10 20:40 . 2010-12-10 20:40 -------- d-----w- c:\program files\Nero
    2010-12-10 19:23 . 2010-12-10 19:25 -------- d-----w- C:\cf879e36f8bf4533509e6ebb38882192
    2010-12-10 17:23 . 2009-09-04 17:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
    2010-12-10 17:23 . 2009-09-04 17:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2010-12-10 17:22 . 2008-10-15 06:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
    2010-12-10 17:22 . 2010-12-10 17:22 -------- d-----w- c:\windows\Logs
    2010-12-10 13:15 . 2010-04-12 03:01 47616 ----a-r- c:\windows\system32\LGScsiCommandService.exe
    2010-12-10 13:15 . 2009-09-23 07:05 24576 ----a-r- c:\windows\system32\SendScsiCmd.dll
    2010-12-09 13:21 . 2010-12-09 13:21 -------- d-----w- c:\documents and settings\michael\Application Data\myriaCrossConv
    2010-12-09 13:21 . 2010-12-09 13:22 -------- d-----w- c:\program files\myriaCrossConv
    2010-12-09 13:12 . 2010-12-09 13:40 -------- d-----w- c:\program files\WinStitch Demo Version

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-09 13:23 . 2010-11-09 13:23 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-11-09 13:23 . 2010-11-09 13:23 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-11-09 13:22 . 2010-11-09 15:26 217136 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symtdi.sys
    2010-11-09 13:22 . 2010-11-09 15:26 89904 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symfw.sys
    2010-11-09 13:22 . 2010-11-09 15:26 48688 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symndisv.sys
    2010-11-09 13:22 . 2010-11-09 15:26 36400 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symndis.sys
    2010-11-09 13:22 . 2010-11-09 15:26 33072 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symids.sys
    2010-11-09 13:22 . 2010-11-09 15:26 310320 ----a-w- c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys
    2010-11-09 13:22 . 2010-11-09 13:24 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
    2010-11-09 13:22 . 2010-11-09 15:25 43696 ----a-w- c:\windows\system32\drivers\N360\0308000.029\srtspx.sys
    2010-11-09 13:22 . 2010-11-09 15:25 308272 ----a-w- c:\windows\system32\drivers\N360\0308000.029\srtsp.sys
    2010-11-09 13:22 . 2010-11-09 15:25 482432 ----a-w- c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys
    2010-11-09 13:22 . 2010-11-09 15:25 259632 ----a-w- c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys
    2010-11-09 13:22 . 2010-11-09 13:25 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-11-09 13:21 . 2010-11-09 13:25 107368 ----a-r- c:\windows\system32\GEARAspi.dll
    2010-10-28 18:15 . 2010-07-13 15:37 2672 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2010-10-28 18:15 . 2010-07-13 15:37 88 --sh--r- c:\documents and settings\All Users\Application Data\03BEF1D2A8.sys
    2010-10-03 22:43 . 2010-10-03 22:43 59240 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2010-09-18 11:23 . 2009-05-19 09:23 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2009-05-19 09:23 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2009-05-19 09:23 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2009-05-19 09:23 953856 ----a-w- c:\windows\system32\mfc40u.dll
    .

    ((((((((((((((((((((((((((((( SnapShot_2010-12-11_14.42.12 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2005-12-05 11:41 . 2010-12-11 06:08 71482 c:\windows\system32\perfc009.dat
    + 2005-12-05 11:41 . 2010-12-13 12:25 71482 c:\windows\system32\perfc009.dat
    + 2010-12-13 12:23 . 2010-12-13 12:23 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2010-12-11 05:55 . 2010-12-11 05:55 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2010-12-11 05:55 . 2010-12-11 05:55 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2010-12-13 12:23 . 2010-12-13 12:23 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2010-12-11 05:59 . 2010-12-11 05:59 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2010-12-11 05:56 . 2010-12-11 05:56 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2010-12-11 06:00 . 2010-12-11 06:00 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2010-12-11 06:00 . 2010-12-11 06:00 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2010-12-11 06:00 . 2010-12-11 06:00 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2010-12-11 06:00 . 2010-12-11 06:00 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2010-12-11 05:59 . 2010-12-11 05:59 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2010-12-11 05:56 . 2010-12-11 05:56 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2010-12-13 12:23 . 2010-12-13 12:23 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2010-12-11 05:58 . 2010-12-11 05:58 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2010-12-11 06:00 . 2010-12-11 06:00 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2010-12-13 12:23 . 2010-12-13 12:23 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2010-12-11 05:55 . 2010-12-11 05:55 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    - 2010-12-11 06:00 . 2010-12-11 06:00 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    - 2010-12-11 05:56 . 2010-12-11 05:56 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2010-12-11 05:58 . 2010-12-11 05:58 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2010-12-11 05:59 . 2010-12-11 05:59 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    - 2010-12-11 06:00 . 2010-12-11 06:00 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    - 2010-12-11 05:57 . 2010-12-11 05:57 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    - 2010-12-11 05:57 . 2010-12-11 05:57 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2005-12-05 11:41 . 2010-12-13 12:25 441546 c:\windows\system32\perfh009.dat
    - 2005-12-05 11:41 . 2010-12-11 06:08 441546 c:\windows\system32\perfh009.dat
    - 2010-12-11 05:55 . 2010-12-11 05:55 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2010-12-13 12:23 . 2010-12-13 12:23 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2010-12-11 05:55 . 2010-12-11 05:55 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2010-12-13 12:23 . 2010-12-13 12:23 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2010-12-11 06:02 . 2010-12-11 06:02 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2010-12-11 05:57 . 2010-12-11 05:57 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2010-12-11 05:57 . 2010-12-11 05:57 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2010-12-11 05:57 . 2010-12-11 05:57 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2010-12-11 05:57 . 2010-12-11 05:57 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2010-12-11 05:56 . 2010-12-11 05:56 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2010-12-13 12:23 . 2010-12-13 12:23 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2010-12-11 05:58 . 2010-12-11 05:58 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2010-12-11 05:57 . 2010-12-11 05:57 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2010-12-11 06:00 . 2010-12-11 06:00 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2010-12-11 06:02 . 2010-12-11 06:02 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2010-12-11 06:01 . 2010-12-11 06:01 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2010-12-11 05:59 . 2010-12-11 05:59 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2010-12-11 05:56 . 2010-12-11 05:56 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2010-12-11 05:56 . 2010-12-11 05:56 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2010-12-11 05:57 . 2010-12-11 05:57 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2010-12-11 05:57 . 2010-12-11 05:57 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2010-12-11 06:00 . 2010-12-11 06:00 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    - 2010-12-11 05:59 . 2010-12-11 05:59 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2010-12-13 12:23 . 2010-12-13 12:23 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2010-12-11 05:55 . 2010-12-11 05:55 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2010-12-11 05:57 . 2010-12-11 05:57 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2010-12-11 05:57 . 2010-12-11 05:57 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2010-12-11 05:57 . 2010-12-11 05:57 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2010-12-11 05:55 . 2010-12-11 05:55 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2010-12-13 12:23 . 2010-12-13 12:23 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2010-12-13 12:23 . 2010-12-13 12:23 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    - 2010-12-11 05:55 . 2010-12-11 05:55 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    - 2010-12-11 06:01 . 2010-12-11 06:01 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2010-12-13 12:24 . 2010-12-13 12:24 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2005-07-08 1953887]
    "Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2010-02-06 4853760]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
    "Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2009-12-30 523408]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
    "SoundMan"="SOUNDMAN.EXE" [2005-08-17 90112]
    "VTTimer"="VTTimer.exe" [2005-03-07 53248]
    "VTTrayp"="VTtrayp.exe" [2005-10-31 163840]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
    "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "SerialNumber"="A109A-K13-3ZXD-BAP5-TE"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [03/10/2010 22:43 59240]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [09/11/2010 15:26 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [09/11/2010 15:25 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [09/11/2010 15:25 482432]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101210.001\IDSXpx86.sys [11/12/2010 16:32 341944]
    R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [07/03/2010 11:11 390528]
    R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [03/10/2010 22:54 34792]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 22:43 169320]
    R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [10/12/2010 13:15 47616]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [03/10/2010 22:43 767208]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [09/12/2010 15:30 102448]
    R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [07/08/2003 16:42 6528]
    S2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe [09/11/2010 15:24 117640]
    S3 EraserUtilDrv10910;EraserUtilDrv10910;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [?]
    S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25/02/2010 09:47 721904]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    IE: Download with &Shareaza - c:\program files\shareaza\razawebhook32.dll/3000
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-Cross Stitch Professional Platinum_is1 - c:\program files\XSPPlat\unins000.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-13 12:56
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
    .
    Completion time: 2010-12-13 13:35:21
    ComboFix-quarantined-files.txt 2010-12-13 13:34
    ComboFix2.txt 2010-12-11 15:24
    ComboFix3.txt 2010-11-09 23:25

    Pre-Run: 22,760,755,200 bytes free
    Post-Run: 22,773,784,576 bytes free

    - - End Of File - - 325B501B5237C7B149E43B23B09292FD
     
  15. Bobbye


    You should be running better now. Please do a new Eset scan.

    Follow that with:
    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • Save the log file and then the log will open in Notepad. Be sure to click on Format > Uncheck Word Wrap when you open Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
     
Topic Status:
Not open for further replies.
