TechSpot

Malware, AVG white list, slow, redirecting

Solved
By Katyjane
Jan 19, 2012
  1. Hi there,
    First post, and I'm new to all of this, but I've read all the intros and think I'm on the right track.

    I have an infection! It did something to my Windows XP SP2 security centre. Very slow computer (although slightly better after AVG 2012 (free) scan and removal, which could not deal with everything).
    1st of all, my backup is out of date. I have a split C drive and D drive but don't really know what to do with them.

    Given the infection, I'm not sure if it is a good idea to copy my MyDocs folder to D drive for good measure or if that runs the risk of infecting D drive too. Please advise best way to back up at this stage.

    So, here are my logs.

    AVG 2012

    ;"C:\WINDOWS\Temp\tue0.17053006872030374.exe";"Trojan horse Generic26.BPJB";"Moved to Virus Vault"
    ;"C:\WINDOWS\Temp\gdfyghret.exe";"Trojan horse Generic26.BPJB";"Moved to Virus Vault"
    ;"C:\WINDOWS\system32\DRIVERS\mrxsmb.sys";"Trojan horse Dropper.Generic5.TOP";"Object is white-listed (critical/system file that should not be removed)"
    ;"C:\WINDOWS\system32\drivers\mrxsmb.sys";"Trojan horse Dropper.Generic5.TOP";"Object is white-listed (critical/system file that should not be removed)"
    ;"C:\System Volume Information\_restore{47CE108E-5D7D-4625-9D5A-698840496DF7}\RP573\A0183970.exe";"Virus found Win32/Cryptor";"Moved to Virus Vault"
    ;"C:\System Volume Information\_restore{47CE108E-5D7D-4625-9D5A-698840496DF7}\RP573\A0183969.exe";"Virus found Win32/Cryptor";"Moved to Virus Vault"
    ;"C:\System Volume Information\_restore{47CE108E-5D7D-4625-9D5A-698840496DF7}\RP573\A0183968.exe";"Virus found Win32/Cryptor";"Moved to Virus Vault"
    ;"C:\System Volume Information\_restore{47CE108E-5D7D-4625-9D5A-698840496DF7}\RP573\A0183967.exe";"Virus found Win32/Cryptor";"Moved to Virus Vault"
    ;"C:\System Volume Information\_restore{47CE108E-5D7D-4625-9D5A-698840496DF7}\RP573\A0183933.sys";"Trojan horse Dropper.Generic5.TOP";"Moved to Virus Vault"
    ;"C:\System Volume Information\_restore{47CE108E-5D7D-4625-9D5A-698840496DF7}\RP573\A0183898.sys";"Trojan horse Dropper.Generic5.TOP";"Moved to Virus Vault"
    ;"C:\System Volume Information\_restore{47CE108E-5D7D-4625-9D5A-698840496DF7}\RP573\A0182898.sys";"Trojan horse Dropper.Generic5.TOP";"Moved to Virus Vault"
    ;"C:\System Volume Information\_restore{47CE108E-5D7D-4625-9D5A-698840496DF7}\RP573\A0181898.sys";"Trojan horse Dropper.Generic5.TOP";"Moved to Virus Vault"
    ;"C:\System Volume Information\_restore{47CE108E-5D7D-4625-9D5A-698840496DF7}\RP572\A0180619.exe";"Found Luhe.Packed.S";"Moved to Virus Vault"
    ;"C:\System Volume Information\_restore{47CE108E-5D7D-4625-9D5A-698840496DF7}\RP572\A0180618.exe";"Found Luhe.Packed.S";"Moved to Virus Vault"
    ;"C:\System Volume Information\_restore{47CE108E-5D7D-4625-9D5A-698840496DF7}\RP572\A0180617.exe";"Found Luhe.Packed.S";"Moved to Virus Vault"
    ;"C:\System Volume Information\_restore{47CE108E-5D7D-4625-9D5A-698840496DF7}\RP571\A0180594.sys";"Trojan horse Dropper.Generic5.TOP";"Moved to Virus Vault"
    ;"C:\System Volume Information\_restore{47CE108E-5D7D-4625-9D5A-698840496DF7}\RP569\A0180308.sys";"Trojan horse Dropper.Generic5.TOP";"Moved to Virus Vault"
    ;"C:\System Volume Information\_restore{47CE108E-5D7D-4625-9D5A-698840496DF7}\RP569\A0177308.sys";"Trojan horse Dropper.Generic5.TOP";"Moved to Virus Vault"
    ;"C:\System Volume Information\_restore{47CE108E-5D7D-4625-9D5A-698840496DF7}\RP569\A0177214.sys";"Trojan horse Dropper.Generic5.TOP";"Moved to Virus Vault"
    ;"C:\System Volume Information\_restore{47CE108E-5D7D-4625-9D5A-698840496DF7}\RP569\A0176213.sys";"Trojan horse Dropper.Generic5.TOP";"Moved to Virus Vault"
    ;"C:\System Volume Information\_restore{47CE108E-5D7D-4625-9D5A-698840496DF7}\RP569\A0175214.sys";"Trojan horse Dropper.Generic5.TOP";"Moved to Virus Vault"
    ;"C:\Documents and Settings\Guest\Start Menu\Programs\Startup\ytuk.exe";"Virus found Win32/Cryptor";"Moved to Virus Vault"
    ;"C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ywbuef.exe";"Virus found Win32/Cryptor";"Moved to Virus Vault"
    ;"C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\Yki\wavipao.exe";"Virus found Win32/Cryptor";"Moved to Virus Vault"
    ;"C:\Documents and Settings\Administrator.YOUR-X8YTBSNBLG\Start Menu\Programs\Startup\awzeug.exe";"Virus found Win32/Cryptor";"Moved to Virus Vault"

    Warnings
    ;"File";"Infection";"Result"
    ;"HKU\S-1-5-21-1806030720-1702115063-398037475-1006\Software\Microsoft\Windows\CurrentVersion\Run\\{301496E7-380D-83E4-99E3-A828578AB168}";"Found registry key with reference to infected file C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\Yki\wavipao.exe";"Moved to Virus Vault"
    ;"HKLM\SYSTEM\CurrentControlSet\services\MRxSmb";"Found registry key with reference to infected file C:\WINDOWS\system32\DRIVERS\mrxsmb.sys";"Moved to Virus Vault"
    -------------------------------------------------------------------------------------------------------
    Malwarebytes
    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.18.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    default User :: YOUR-X8YTBSNBLG [administrator]

    1/18/2012 10:02:21 PM
    mbam-log-2012-01-18 (22-02-21).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 343192
    Time elapsed: 2 hour(s), 28 minute(s), 47 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 1
    HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Local Settings\Application Data\aft.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\My Documents\Downloads\cnet_office-convert-pdf-to-jpg-jpeg-tiff-free_exe.exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.

    (end)

    -----------------------------------------------------------------------------------------
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-01-19 21:29:37
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9160827AS rev.3.AAA
    Running: onrjw4kj.exe; Driver: C:\DOCUME~1\DEFAUL~1.YOU\LOCALS~1\Temp\fwgdapog.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----

    too long - next post
     
  2. Katyjane

    Rest of my logs -

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by default User at 21:42:02 on 2012-01-19
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.594 [GMT 11:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\EeePC\ACPI\AsTray.exe
    C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://eeepc.asus.com/global
    uInternet Settings,ProxyServer = proxy.tpg.com.au:3128
    uInternet Settings,ProxyOverride = *.local
    mURLSearchHooks: H - No File
    BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [{301496E7-380D-83E4-99E3-A828578AB168}] "c:\documents and settings\default user.your-x8ytbsnblg\application data\yki\wavipao.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
    mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
    mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    dRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll
    IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/AU/Core/Player/2020PlayerAX_IKEA_Win32.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229040912093
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229040817312
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{F47B02A0-6225-4C9E-AD19-C3B7F6D9B2F9} : DhcpNameServer = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: TPSvc - TPSvc.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\default user.your-x8ytbsnblg\application data\mozilla\firefox\profiles\km1zlqrx.default\
    FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com.au/
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=ab&ychte=us&q=
    FF - prefs.js: network.proxy.ftp - 10.12.0.1
    FF - prefs.js: network.proxy.ftp_port - 8080
    FF - prefs.js: network.proxy.gopher - 10.12.0.1
    FF - prefs.js: network.proxy.gopher_port - 8080
    FF - prefs.js: network.proxy.http - 10.12.0.1
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.socks - 10.12.0.1
    FF - prefs.js: network.proxy.socks_port - 8080
    FF - prefs.js: network.proxy.ssl - 10.12.0.1
    FF - prefs.js: network.proxy.ssl_port - 8080
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff9.dll
    FF - plugin: c:\documents and settings\default user.your-x8ytbsnblg\application data\mozilla\firefox\profiles\km1zlqrx.default\extensions\2020player@2020technologies.com\plugins\NP2020Player.dll
    FF - plugin: c:\documents and settings\default user.your-x8ytbsnblg\application data\mozilla\firefox\profiles\km1zlqrx.default\extensions\2020player_ikea@2020technologies.com\plugins\NP_2020Player_IKEA.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: English (Australian) Dictionary: en-AU@dictionaries.addons.mozilla.org - %profile%\extensions\en-AU@dictionaries.addons.mozilla.org
    FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com
    FF - Ext: 20-20 3D Viewer - IKEA: 2020Player_IKEA@2020Technologies.com - %profile%\extensions\2020Player_IKEA@2020Technologies.com
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg2012\Firefox4
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-18 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-5 116608]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-6-27 625024]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-13 136176]
    S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-8-5 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-13 136176]
    .
    =============== Created Last 30 ================
    .
    2012-01-19 10:35:38 -------- d--h--w- c:\windows\PIF
    2012-01-18 10:57:32 -------- d-----w- c:\documents and settings\default user.your-x8ytbsnblg\application data\Malwarebytes
    2012-01-18 10:57:05 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-01-18 10:57:03 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-18 10:57:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-13 21:01:06 -------- d-----w- c:\documents and settings\default user.your-x8ytbsnblg\application data\Yki
    2012-01-13 21:01:06 -------- d-----w- c:\documents and settings\default user.your-x8ytbsnblg\application data\Ufhi
    2012-01-12 09:58:00 -------- d-----w- c:\documents and settings\default user.your-x8ytbsnblg\application data\AVG
    2012-01-12 07:43:01 -------- d-----w- c:\documents and settings\default user.your-x8ytbsnblg\application data\AVG2012
    2012-01-12 07:34:33 -------- d-----w- c:\windows\system32\drivers\AVG
    2012-01-12 07:34:33 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
    2012-01-12 07:20:07 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    2012-01-11 14:35:30 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
    2012-01-11 14:35:23 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
    2012-01-11 14:35:22 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
    2012-01-11 14:35:16 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
    2012-01-11 14:35:10 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
    2012-01-11 14:35:00 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
    2012-01-11 14:34:53 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
    2012-01-11 14:34:51 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
    2012-01-11 14:34:44 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
    2012-01-11 14:34:43 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
    2012-01-11 14:34:22 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
    2012-01-11 14:34:18 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
    2012-01-11 14:34:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
    2012-01-11 14:32:58 14208 -c--a-w- c:\windows\system32\dllcache\wacompen.sys
    2012-01-11 14:32:49 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys
    2012-01-11 14:32:42 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
    2012-01-11 14:32:35 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys
    2012-01-11 14:32:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
    2012-01-11 14:32:20 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
    2012-01-11 14:32:12 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
    2012-01-11 14:32:05 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
    2012-01-11 14:31:58 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
    2012-01-11 14:31:55 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys
    2012-01-11 14:31:55 42240 -c--a-w- c:\windows\system32\dllcache\viaagp.sys
    2012-01-11 14:31:51 11325 -c--a-w- c:\windows\system32\dllcache\vchnt5.dll
    2012-01-11 14:31:43 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
    2012-01-11 14:31:35 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
    2012-01-11 14:31:27 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
    2012-01-11 14:31:20 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
    2012-01-11 14:31:11 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
    2012-01-11 14:31:03 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
    2012-01-11 14:30:56 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
    2012-01-11 14:30:49 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
    2012-01-11 14:30:47 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
    2012-01-11 14:30:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2012-01-11 14:30:43 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
    2012-01-11 14:30:40 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
    2012-01-11 14:30:37 12800 -c--a-w- c:\windows\system32\dllcache\usb8023x.sys
    2012-01-11 14:30:36 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys
    2012-01-11 14:30:24 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
    2012-01-11 14:30:16 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
    2012-01-11 14:30:09 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
    2012-01-11 14:30:01 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
    2012-01-11 14:29:54 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
    2012-01-11 14:29:46 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
    2012-01-11 14:29:38 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
    2012-01-11 14:29:31 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
    2012-01-11 14:29:24 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
    2012-01-11 14:29:16 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
    2012-01-11 14:29:08 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
    2012-01-11 14:29:05 44672 -c--a-w- c:\windows\system32\dllcache\uagp35.sys
    2012-01-11 14:28:59 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
    2012-01-11 14:28:48 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
    2012-01-11 14:28:42 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
    2012-01-11 14:28:36 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
    2012-01-11 14:28:31 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
    2012-01-11 14:28:25 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
    2012-01-11 14:28:19 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
    2012-01-11 14:28:13 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
    2012-01-11 14:28:07 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
    2012-01-11 14:28:06 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
    2012-01-11 14:28:00 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
    2012-01-11 14:27:52 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
    2012-01-11 14:27:47 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
    2012-01-11 14:27:41 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
    2012-01-11 14:27:35 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
    2012-01-11 14:27:29 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
    2012-01-11 14:27:22 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
    2012-01-11 14:27:15 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
    2012-01-11 14:27:13 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
    2012-01-11 14:27:06 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
    2012-01-11 14:27:00 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
    2012-01-11 14:26:51 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
    2012-01-11 14:26:43 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
    2012-01-11 14:26:38 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
    2012-01-11 14:26:32 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
    2012-01-11 14:26:21 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
    2012-01-11 14:26:16 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
    2012-01-11 14:26:10 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
    2012-01-11 14:26:04 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
    2012-01-11 14:25:58 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
    2012-01-11 14:25:51 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
    2012-01-11 14:25:45 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
    2012-01-11 14:25:39 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
    2012-01-11 14:25:33 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll
    2012-01-11 14:25:27 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
    2012-01-11 14:25:21 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
    2012-01-11 14:25:13 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
    2012-01-11 14:25:07 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
    2012-01-11 14:25:01 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
    2012-01-11 14:24:54 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
    2012-01-11 14:24:45 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
    2012-01-11 14:24:38 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
    2012-01-11 14:24:28 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
    2012-01-11 14:24:19 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
    2012-01-11 14:24:13 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
    2012-01-11 14:24:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
    2012-01-11 14:24:00 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
    2012-01-11 14:23:54 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
    2012-01-11 14:23:49 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
    2012-01-11 14:23:43 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
    2012-01-11 14:23:37 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
    2012-01-11 14:23:35 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
    2012-01-11 14:23:29 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
    2012-01-11 14:23:15 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
    2012-01-11 14:23:09 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
    2012-01-11 14:23:02 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
    2012-01-11 14:21:56 91294 -c--a-w- c:\windows\system32\dllcache\skfpwin.sys
    2012-01-11 14:21:50 94698 -c--a-w- c:\windows\system32\dllcache\sk98xwin.sys
    2012-01-11 14:21:44 157696 -c--a-w- c:\windows\system32\dllcache\sisv256.dll
    2012-01-11 14:21:38 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
    2012-01-11 14:21:35 32768 -c--a-w- c:\windows\system32\dllcache\sisnic.sys
    2012-01-11 14:21:30 238592 -c--a-w- c:\windows\system32\dllcache\sisgrv.dll
    2012-01-11 14:21:24 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
    2012-01-11 14:21:23 40960 -c--a-w- c:\windows\system32\dllcache\sisagp.sys
    2012-01-11 14:21:17 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
    2012-01-11 14:21:12 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
    2012-01-11 14:21:06 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
    2012-01-11 14:21:00 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
    2012-01-11 14:20:59 3901 -c--a-w- c:\windows\system32\dllcache\siint5.dll
    2012-01-11 14:20:45 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
    2012-01-11 14:20:38 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
    2012-01-11 14:20:33 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
    2012-01-11 14:20:27 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
    2012-01-11 14:20:21 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
    2012-01-11 14:20:12 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
    2012-01-11 14:20:06 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
    2012-01-11 14:19:58 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
    2012-01-11 14:19:56 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
    2012-01-11 14:19:51 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
    2012-01-11 14:19:43 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
    2012-01-11 14:19:37 16640 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys
    2012-01-11 14:19:30 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
    2012-01-11 14:19:25 23936 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
    2012-01-11 14:19:22 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
    2012-01-11 14:19:17 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
    2012-01-11 14:19:08 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
    2012-01-11 14:19:02 245632 -c--a-w- c:\windows\system32\dllcache\s3savmx.dll
    2012-01-11 14:18:56 77824 -c--a-w- c:\windows\system32\dllcache\s3sav4m.sys
    2012-01-11 14:18:49 198400 -c--a-w- c:\windows\system32\dllcache\s3sav4.dll
    2012-01-11 14:18:43 61504 -c--a-w- c:\windows\system32\dllcache\s3sav3dm.sys
    2012-01-11 14:18:37 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll
    2012-01-11 14:18:32 210496 -c--a-w- c:\windows\system32\dllcache\s3mvirge.dll
    2012-01-11 14:18:26 62496 -c--a-w- c:\windows\system32\dllcache\s3mtrio.dll
    2012-01-11 14:18:20 41216 -c--a-w- c:\windows\system32\dllcache\s3mt3d.sys
    2012-01-11 14:18:15 182272 -c--a-w- c:\windows\system32\dllcache\s3mt3d.dll
    2012-01-11 14:18:09 166720 -c--a-w- c:\windows\system32\dllcache\s3m.sys
    2012-01-11 14:18:04 65664 -c--a-w- c:\windows\system32\dllcache\s3legacy.sys
    2012-01-11 14:18:03 166912 -c--a-w- c:\windows\system32\dllcache\s3gnbm.sys
    2012-01-11 14:18:02 397056 -c--a-w- c:\windows\system32\dllcache\s3gnb.dll
    2012-01-11 14:17:56 82432 -c--a-w- c:\windows\system32\dllcache\rwia450.dll
    2012-01-11 14:17:50 79872 -c--a-w- c:\windows\system32\dllcache\rwia430.dll
    2012-01-11 14:17:47 29696 -c--a-w- c:\windows\system32\dllcache\rw450ext.dll
    2012-01-11 14:17:45 27648 -c--a-w- c:\windows\system32\dllcache\rw430ext.dll
    2012-01-11 14:17:41 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
    2012-01-11 14:17:35 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys
    2012-01-11 14:17:29 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys
    2012-01-11 14:17:21 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
    2012-01-11 14:17:13 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
    2012-01-11 14:17:09 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
    2012-01-11 14:17:08 30592 -c--a-w- c:\windows\system32\dllcache\rndismpx.sys
    2012-01-11 14:17:01 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
    2012-01-11 14:16:58 59136 -c--a-w- c:\windows\system32\dllcache\rfcomm.sys
    2012-01-11 14:16:53 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
    2012-01-11 14:16:46 13776 -c--a-w- c:\windows\system32\dllcache\recagent.sys
    2012-01-11 14:16:34 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
    2012-01-11 14:16:26 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
    2012-01-11 14:16:20 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
    2012-01-11 14:16:14 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
    2012-01-11 14:16:09 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
    2012-01-11 14:15:59 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
    2012-01-11 14:15:54 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys
    2012-01-11 14:15:48 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
    2012-01-11 14:15:43 33152 -c--a-w- c:\windows\system32\dllcache\ql10wnt.sys
    2012-01-11 14:15:36 40320 -c--a-w- c:\windows\system32\dllcache\ql1080.sys
    2012-01-11 14:15:34 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys
    2012-01-11 14:15:25 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
    2012-01-11 14:15:19 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
    2012-01-11 14:15:12 128286 -c--a-w- c:\windows\system32\dllcache\ptserli.sys
    2012-01-11 14:15:10 159232 -c--a-w- c:\windows\system32\dllcache\ptpusd.dll
    2012-01-11 14:15:04 5632 -c--a-w- c:\windows\system32\dllcache\ptpusb.dll
    2012-01-11 14:14:56 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
    2012-01-11 14:14:54 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
    2012-01-11 14:14:49 16128 -c--a-w- c:\windows\system32\dllcache\pscr.sys
    2012-01-11 14:14:45 17664 -c--a-w- c:\windows\system32\dllcache\ppa3.sys
    2012-01-11 14:14:39 8832 -c--a-w- c:\windows\system32\dllcache\powerfil.sys
    2012-01-11 14:14:39 17792 -c--a-w- c:\windows\system32\dllcache\ppa.sys
    2012-01-11 14:14:31 7168 -c--a-w- c:\windows\system32\dllcache\pnrmc.sys
    2012-01-11 14:14:20 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
    2012-01-11 14:14:13 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
    2012-01-11 14:14:07 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys
    2012-01-11 14:14:00 173696 -c--a-w- c:\windows\system32\dllcache\philcam2.sys
    2012-01-11 14:13:54 75776 -c--a-w- c:\windows\system32\dllcache\philcam1.sys
    2012-01-11 14:13:48 16384 -c--a-w- c:\windows\system32\dllcache\philcam1.dll
    2012-01-11 14:13:41 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll
    2012-01-11 14:13:40 28032 -c--a-w- c:\windows\system32\dllcache\perm3.sys
    2012-01-11 14:13:38 211584 -c--a-w- c:\windows\system32\dllcache\perm2dll.dll
    2012-01-11 14:13:37 27904 -c--a-w- c:\windows\system32\dllcache\perm2.sys
    2012-01-11 14:13:30 5504 -c--a-w- c:\windows\system32\dllcache\perc2hib.sys
    2012-01-11 14:13:23 27296 -c--a-w- c:\windows\system32\dllcache\perc2.sys
    2012-01-11 14:13:21 169984 -c--a-w- c:\windows\system32\dllcache\pcx500.sys
    2012-01-11 14:13:14 86016 -c--a-w- c:\windows\system32\dllcache\pctspk.exe
    2012-01-11 14:13:08 35328 -c--a-w- c:\windows\system32\dllcache\pcntpci5.sys
    2012-01-11 14:13:01 29769 -c--a-w- c:\windows\system32\dllcache\pcntn5m.sys
    2012-01-11 14:12:55 30282 -c--a-w- c:\windows\system32\dllcache\pcntn5hl.sys
    2012-01-11 14:12:48 26153 -c--a-w- c:\windows\system32\dllcache\pcmlm56.sys
    2012-01-11 14:12:47 29502 -c--a-w- c:\windows\system32\dllcache\pca200e.sys
    2012-01-11 14:12:40 30495 -c--a-w- c:\windows\system32\dllcache\pc100nds.sys
    2012-01-11 14:12:30 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
    2012-01-11 14:12:24 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
    2012-01-11 14:12:18 25216 -c--a-w- c:\windows\system32\dllcache\ovsound2.sys
    2012-01-11 14:12:12 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe
    2012-01-11 14:12:05 20480 -c--a-w- c:\windows\system32\dllcache\ovcomc.dll
    2012-01-11 14:11:58 351616 -c--a-w- c:\windows\system32\dllcache\ovcodek2.sys
    2012-01-11 14:11:52 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll
    2012-01-11 14:11:46 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
    2012-01-11 14:11:40 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys
    2012-01-11 14:11:33 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
    2012-01-11 14:11:28 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
    2012-01-11 14:11:23 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
    2012-01-11 14:11:18 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
    2012-01-11 14:11:13 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
    2012-01-11 14:11:07 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
    2012-01-11 14:11:01 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
    2012-01-11 14:10:56 1897408 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
    2012-01-11 14:10:54 4274816 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
    2012-01-11 14:10:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
    2012-01-11 14:10:45 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
    2012-01-11 14:10:42 180360 -c--a-w- c:\windows\system32\dllcache\ntmtlfax.sys
    2012-01-11 14:10:33 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
    2012-01-11 14:10:27 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
    2012-01-11 14:10:22 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
    2012-01-11 14:10:20 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
    2012-01-11 14:10:12 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
    2012-01-11 14:10:07 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
    2012-01-11 14:10:00 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
    2012-01-11 14:09:57 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
    2012-01-11 14:09:47 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
    2012-01-11 14:09:39 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
    2012-01-11 14:09:32 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
    2012-01-11 14:09:26 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys
    2012-01-11 14:09:15 91488 -c--a-w- c:\windows\system32\dllcache\n9i3disp.dll
    2012-01-11 14:09:09 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
    2012-01-11 14:09:03 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys
    2012-01-11 14:08:57 59104 -c--a-w- c:\windows\system32\dllcache\n9i128v2.dll
    2012-01-11 14:08:50 13664 -c--a-w- c:\windows\system32\dllcache\n9i128.sys
    2012-01-11 14:08:44 35392 -c--a-w- c:\windows\system32\dllcache\n9i128.dll
    2012-01-11 14:08:38 128000 -c--a-w- c:\windows\system32\dllcache\n100325.sys
    2012-01-11 14:08:32 52255 -c--a-w- c:\windows\system32\dllcache\n1000nt5.sys
    2012-01-11 14:08:25 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
    2012-01-11 14:08:19 7168 -c--a-w- c:\windows\system32\dllcache\mxport.dll
    2012-01-11 14:08:13 19968 -c--a-w- c:\windows\system32\dllcache\mxnic.sys
    2012-01-11 14:08:06 19968 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll
    2012-01-11 14:08:00 21888 -c--a-w- c:\windows\system32\dllcache\mxcard.sys
    2012-01-11 14:07:58 12672 -c--a-w- c:\windows\system32\dllcache\mutohpen.sys
    2012-01-11 14:07:51 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
    2012-01-11 14:07:50 452736 -c--a-w- c:\windows\system32\dllcache\mtxparhm.sys
    2012-01-11 14:07:48 1737856 -c--a-w- c:\windows\system32\dllcache\mtxparhd.dll
    2012-01-11 14:07:47 119808 -c--a-w- c:\windows\system32\dllcache\mtstocom.exe
    2012-01-11 14:07:44 1309184 -c--a-w- c:\windows\system32\dllcache\mtlstrm.sys
    2012-01-11 14:07:42 126686 -c--a-w- c:\windows\system32\dllcache\mtlmnt5.sys
    2012-01-11 14:07:31 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
    2012-01-11 14:07:22 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
    2012-01-11 14:07:09 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
    2012-01-11 14:07:07 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
    2012-01-11 14:06:51 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
    2012-01-11 14:06:44 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
    2012-01-11 14:06:41 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
    2012-01-11 14:06:10 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
    2012-01-11 14:06:00 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
    2012-01-11 14:05:48 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
    2012-01-11 14:05:36 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
    2012-01-11 14:05:26 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
    2012-01-11 14:05:20 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
    2012-01-11 14:05:17 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
    2012-01-11 14:05:11 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
    2012-01-11 14:05:05 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
    2012-01-11 14:04:58 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys
    2012-01-11 14:04:49 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys
    2012-01-11 14:04:41 48768 -c--a-w- c:\windows\system32\dllcache\maestro.sys
    2012-01-11 14:04:35 58880 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll
    2012-01-11 14:04:29 58368 -c--a-w- c:\windows\system32\dllcache\m3091dc.dll
    2012-01-11 14:04:23 22848 -c--a-w- c:\windows\system32\dllcache\lwusbhid.sys
    2012-01-11 14:04:21 20864 -c--a-w- c:\windows\system32\dllcache\lwadihid.sys
    2012-01-11 14:04:15 797500 -c--a-w- c:\windows\system32\dllcache\ltsmt.sys
    2012-01-11 14:04:09 802683 -c--a-w- c:\windows\system32\dllcache\ltsm.sys
    2012-01-11 14:04:07 7040 -c--a-w- c:\windows\system32\dllcache\ltotape.sys
    2012-01-11 14:04:06 420992 -c--a-w- c:\windows\system32\dllcache\ltmdmntt.sys
    2012-01-11 14:04:00 576746 -c--a-w- c:\windows\system32\dllcache\ltmdmntl.sys
    2012-01-11 14:03:59 606684 -c--a-w- c:\windows\system32\dllcache\ltmdmnt.sys
    2012-01-11 14:03:54 727786 -c--a-w- c:\windows\system32\dllcache\ltck000c.sys
    2012-01-11 14:03:46 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
    2012-01-11 14:03:37 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
    2012-01-11 14:03:31 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
    2012-01-11 14:03:26 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
    2012-01-11 14:03:19 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
    2012-01-11 14:03:13 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
    2012-01-11 14:03:07 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
    2012-01-11 14:03:01 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
    2012-01-11 14:02:53 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
    2012-01-11 14:02:50 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
    2012-01-11 14:02:47 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
    2012-01-11 14:02:26 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
    2012-01-11 14:02:06 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
    2012-01-11 14:02:01 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
    2012-01-11 14:01:58 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
    2012-01-11 14:01:53 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
    2012-01-11 14:01:52 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
    2012-01-11 14:01:51 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
    2012-01-11 14:01:40 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
    2012-01-11 14:01:34 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
    2012-01-11 14:01:29 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
    2012-01-11 14:01:26 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
    2012-01-11 14:01:20 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
    2012-01-11 14:01:15 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
    2012-01-11 14:01:01 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
    2012-01-11 14:00:51 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
    2012-01-11 14:00:45 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
    2012-01-11 14:00:40 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
    2012-01-11 14:00:34 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
    2012-01-11 14:00:29 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
    2012-01-11 14:00:23 61952 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll
    2012-01-11 14:00:18 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
    2012-01-11 14:00:13 26624 -c--a-w- c:\windows\system32\dllcache\icam3ext.dll
    2012-01-11 14:00:07 141056 -c--a-w- c:\windows\system32\dllcache\icam3.sys
    2012-01-11 14:00:02 38528 -c--a-w- c:\windows\system32\dllcache\ibmvcap.sys
    2012-01-11 13:58:58 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
    2012-01-11 13:58:53 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
    2012-01-11 13:58:48 73279 -c--a-w- c:\windows\system32\dllcache\hsf_spkp.sys
    2012-01-11 13:58:42 44863 -c--a-w- c:\windows\system32\dllcache\hsf_soar.sys
    2012-01-11 13:58:37 57471 -c--a-w- c:\windows\system32\dllcache\hsf_samp.sys
    2012-01-11 13:58:32 542879 -c--a-w- c:\windows\system32\dllcache\hsf_msft.sys
    2012-01-11 13:58:26 391199 -c--a-w- c:\windows\system32\dllcache\hsf_k56k.sys
    2012-01-11 13:58:21 9759 -c--a-w- c:\windows\system32\dllcache\hsf_inst.dll
    2012-01-11 13:58:16 115807 -c--a-w- c:\windows\system32\dllcache\hsf_fsks.sys
    2012-01-11 13:58:10 199711 -c--a-w- c:\windows\system32\dllcache\hsf_faxx.sys
    2012-01-11 13:58:05 289887 -c--a-w- c:\windows\system32\dllcache\hsf_fall.sys
    2012-01-11 13:58:00 67167 -c--a-w- c:\windows\system32\dllcache\hsf_bsc2.sys
    2012-01-11 13:57:55 150239 -c--a-w- c:\windows\system32\dllcache\hsf_amos.sys
    2012-01-11 13:57:48 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
    2012-01-11 13:57:43 5760 -c--a-w- c:\windows\system32\dllcache\hpt4qic.sys
    2012-01-11 13:57:38 13312 -c--a-w- c:\windows\system32\dllcache\hpsjmcro.dll
    2012-01-11 13:57:33 324608 -c--a-w- c:\windows\system32\dllcache\hpojwia.dll
    2012-01-11 13:57:28 25952 -c--a-w- c:\windows\system32\dllcache\hpn.sys
    2012-01-11 13:57:23 32768 -c--a-w- c:\windows\system32\dllcache\hpgtmcro.dll
    2012-01-11 13:57:18 68608 -c--a-w- c:\windows\system32\dllcache\hpgt53tk.dll
    2012-01-11 13:57:13 165888 -c--a-w- c:\windows\system32\dllcache\hpgt53.dll
    2012-01-11 13:57:08 31232 -c--a-w- c:\windows\system32\dllcache\hpgt42tk.dll
    2012-01-11 13:57:03 93696 -c--a-w- c:\windows\system32\dllcache\hpgt42.dll
    2012-01-11 13:55:56 82304 -c--a-w- c:\windows\system32\dllcache\grclass.sys
    2012-01-11 13:55:52 17408 -c--a-w- c:\windows\system32\dllcache\gpr400.sys
    2012-01-11 13:55:49 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys
    2012-01-11 13:55:47 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys
    2012-01-11 13:55:45 46464 -c--a-w- c:\windows\system32\dllcache\gagp30kx.sys
    2012-01-11 13:55:41 322432 -c--a-w- c:\windows\system32\dllcache\g400m.sys
    2012-01-11 13:55:36 1733120 -c--a-w- c:\windows\system32\dllcache\g400d.dll
    2012-01-11 13:55:32 320384 -c--a-w- c:\windows\system32\dllcache\g200m.sys
    2012-01-11 13:55:27 470144 -c--a-w- c:\windows\system32\dllcache\g200d.dll
    2012-01-11 13:55:23 454912 -c--a-w- c:\windows\system32\dllcache\fxusbase.sys
    2012-01-11 13:55:05 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
    2012-01-11 13:55:01 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
    2012-01-11 13:54:56 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
    2012-01-11 13:54:49 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
    2012-01-11 13:54:44 441728 -c--a-w- c:\windows\system32\dllcache\fpcmbase.sys
    2012-01-11 13:54:40 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys
    2012-01-11 13:54:36 34173 -c--a-w- c:\windows\system32\dllcache\forehe.sys
    2012-01-11 13:54:31 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
    2012-01-11 13:54:24 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
    2012-01-11 13:54:12 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
    2012-01-11 13:54:06 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys
    2012-01-11 13:54:02 16074 -c--a-w- c:\windows\system32\dllcache\fa312nd5.sys
    2012-01-11 13:52:57 72192 -c--a-w- c:\windows\system32\dllcache\es1969.sys
    2012-01-11 13:51:58 171520 -c--a-w- c:\windows\system32\dllcache\el99xn51.sys
    2012-01-11 13:50:57 20192 -c--a-w- c:\windows\system32\dllcache\dpti2o.sys
    2012-01-11 13:49:59 614429 -c--a-w- c:\windows\system32\dllcache\digiview.exe
    2012-01-11 13:48:57 63208 -c--a-w- c:\windows\system32\dllcache\dc21x4.sys
    2012-01-11 13:47:58 6912 -c--a-w- c:\windows\system32\dllcache\ctlfacem.sys
    2012-01-11 13:46:59 27164 -c--a-w- c:\windows\system32\dllcache\ce3n5.sys
    2012-01-11 13:45:58 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
    2012-01-11 13:44:59 17279 -c--a-w- c:\windows\system32\dllcache\atv10nt5.dll
    2012-01-11 13:43:58 137216 -c--a-w- c:\windows\system32\dllcache\atidrae.dll
    2012-01-11 13:42:58 3775 -c--a-w- c:\windows\system32\dllcache\adv11nt5.dll
    2012-01-11 13:41:35 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
    2012-01-10 12:31:16 -------- d-----w- c:\documents and settings\default user.your-x8ytbsnblg\local settings\application data\SanctionedMedia
    2012-01-03 13:10:44 182672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2012-01-03 13:10:44 182672 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    .
    ==================== Find3M ====================
    .
    2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-08-13 02:24:45 567624 ----a-w- c:\program files\GoogleEarthSetup.exe
    2010-03-21 11:14:46 1098920 ----a-w- c:\program files\yahoomailuploader_0.5.exe
    2010-03-10 03:52:28 607584 ----a-w- c:\program files\RMITAU-SecureW2.exe
    2009-06-17 17:30:04 2525169 ----a-w- c:\program files\JPG-to-PDF-Converter-Setup.exe
    2009-05-29 12:14:26 652333 ----a-w- c:\program files\XviD-1.2.1-04122008.exe
    2008-10-06 18:29:14 1851544 ----a-w- c:\program files\install_flash_player.exe
    2008-05-07 23:34:00 15523560 ----a-w- c:\program files\U1 Setup.exe
    .
    ============= FINISH: 21:43:26.31 ===============

    Too long -
  3. Katyjane

    Katyjane TS Rookie Topic Starter Posts: 26

    And the rest!

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/29/2008 1:53:16 AM
    System Uptime: 1/19/2012 8:48:18 PM (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | 1000H
    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | PBGA 437 | 1596/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 80 GiB total, 21.31 GiB free.
    D: is FIXED (NTFS) - 69 GiB total, 16.918 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP533: 10/22/2011 1:19:13 PM - System Checkpoint
    RP534: 10/23/2011 3:45:02 PM - System Checkpoint
    RP535: 10/24/2011 11:21:50 PM - System Checkpoint
    RP536: 10/26/2011 9:47:18 AM - Avg Update
    RP537: 11/1/2011 11:23:57 AM - System Checkpoint
    RP538: 11/2/2011 10:16:40 PM - System Checkpoint
    RP539: 11/4/2011 9:06:49 PM - System Checkpoint
    RP540: 11/6/2011 5:50:08 PM - System Checkpoint
    RP541: 11/10/2011 10:09:06 PM - System Checkpoint
    RP542: 11/12/2011 12:19:24 AM - Software Distribution Service 3.0
    RP543: 11/13/2011 1:10:14 AM - System Checkpoint
    RP544: 11/16/2011 6:49:08 PM - System Checkpoint
    RP545: 11/18/2011 12:52:53 PM - System Checkpoint
    RP546: 11/20/2011 12:21:20 PM - System Checkpoint
    RP547: 11/21/2011 9:10:20 PM - System Checkpoint
    RP548: 11/22/2011 9:14:37 PM - System Checkpoint
    RP549: 11/27/2011 7:57:12 PM - System Checkpoint
    RP550: 12/1/2011 7:48:44 PM - System Checkpoint
    RP551: 12/4/2011 2:36:18 PM - System Checkpoint
    RP552: 12/5/2011 6:16:48 PM - System Checkpoint
    RP553: 12/6/2011 9:21:55 PM - System Checkpoint
    RP554: 12/8/2011 6:45:59 PM - System Checkpoint
    RP555: 12/13/2011 10:04:55 PM - System Checkpoint
    RP556: 12/17/2011 2:37:04 PM - System Checkpoint
    RP557: 12/17/2011 10:17:28 PM - Avg Update
    RP558: 12/19/2011 7:50:15 AM - System Checkpoint
    RP559: 12/20/2011 11:48:24 PM - System Checkpoint
    RP560: 12/21/2011 12:10:37 AM - Software Distribution Service 3.0
    RP561: 12/22/2011 10:35:33 PM - System Checkpoint
    RP562: 12/25/2011 10:31:25 AM - System Checkpoint
    RP563: 12/30/2011 11:56:20 AM - System Checkpoint
    RP564: 1/1/2012 10:35:32 PM - System Checkpoint
    RP565: 1/2/2012 10:24:06 PM - Software Distribution Service 3.0
    RP566: 1/3/2012 10:43:38 PM - System Checkpoint
    RP567: 1/8/2012 1:23:57 PM - System Checkpoint
    RP568: 1/9/2012 9:50:28 PM - System Checkpoint
    RP569: 1/10/2012 10:44:58 PM - System Checkpoint
    RP570: 1/12/2012 6:26:31 PM - Installed AVG 2012
    RP571: 1/12/2012 6:28:54 PM - Removed AVG Free 9.0
    RP572: 1/12/2012 6:33:36 PM - Installed AVG 2012
    RP573: 1/12/2012 8:37:21 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP574: 1/19/2012 2:39:49 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    Adabas D 13.01.00
    Adobe AIR
    Adobe Digital Editions
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.2)
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Asus ACPI Driver
    ASUSUpdate for Eee PC
    Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
    AVG 2012
    AVG PC Tuneup
    Azurewave Wireless LAN
    Bonjour
    Compatibility Pack for the 2007 Office system
    e-tax 2009
    ECAP
    Eee Instant Key
    Eee Storage
    EndNote X3
    EPSON Printer Software
    ESET NOD32 register program
    Google Chrome
    Google Desktop
    Google Earth
    Google SketchUp 8
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    IE7Pro
    Intel(R) Graphics Media Accelerator Driver
    InterVideo Register Manager
    InterVideo WinDVD
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Kamus 2.03
    Malwarebytes Anti-Malware version 1.60.0.1800
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Outlook Connector
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mozilla Firefox (3.6.25)
    Mozilla Thunderbird (2.0.0.22)
    MSVCRT
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    office Convert Pdf to Jpg Jpeg Tiff Free 6.4
    OGA Notifier 1.7.0105.35.0
    QuickTime
    Realtek High Definition Audio Driver
    ResearchSoft Direct Export Helper
    Samsung ML-2850 Series
    SanctionedMedia
    SecureW2 EAP Suite 2.0.4 for Windows
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Segoe UI
    Skype™ 5.3
    Super Hybrid Engine
    SUPERAntiSpyware
    TestDrive Client
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 0.9.9
    WebFldrs XP
    WIDCOMM Bluetooth Software
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Xvid 1.2.1 final uninstall
    Yahoo! BrowserPlus 2.9.8
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/19/2012 9:07:58 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    1/19/2012 7:18:36 AM, error: Service Control Manager [7024] - The Workstation service terminated with service-specific error 2250 (0x8CA).
    1/19/2012 7:18:36 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service has returned a service-specific error code.
    1/19/2012 7:17:16 AM, error: Workstation [5727] - Could not load RDR device driver.
    1/18/2012 9:00:28 PM, error: PlugPlayManager [12] - The device '802.11n Wireless LAN Card' (PCI\VEN_1814&DEV_0781&SUBSYS_27901814&REV_00\4&37028e5f&0&00E3) disappeared from the system without first being prepared for removal.
    1/15/2012 8:24:07 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    1/14/2012 9:57:20 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
    1/14/2012 9:57:20 AM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.
    1/14/2012 9:57:20 AM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.
    1/14/2012 11:04:31 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    1/12/2012 8:35:40 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
    1/12/2012 8:35:12 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the szserver service.
    .
    ==== End Of File ===========================


    I'm not sure if there is a problem with the GMER scan, I thought I had disabled everything before realising I hadn't, so I cancelled the scan, disabled everything, then did another scan.


    I should note that I am going away on Saturday for 9 days - back on 30 January. I will be online tomorrow night, but not after that until 30 Jan, so please don't close this off - I will come back to it as soon as I get back.

    Thanks for your help
    Katy
     
  4. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  5. Katyjane

    Katyjane TS Rookie Topic Starter Posts: 26

    Hi Bron,
    Thanks for your help.

    aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-20 07:41:06
    -----------------------------
    07:41:06.796 OS Version: Windows 5.1.2600 Service Pack 3
    07:41:06.796 Number of processors: 2 586 0x1C02
    07:41:06.796 ComputerName: YOUR-X8YTBSNBLG UserName: default User
    07:41:07.687 Initialize success
    08:05:13.312 AVAST engine defs: 12011901
    08:08:15.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    08:08:15.265 Disk 0 Vendor: ST9160827AS 3.AAA Size: 152627MB BusType: 3
    08:08:15.375 Disk 0 MBR read successfully
    08:08:15.390 Disk 0 MBR scan
    08:08:15.515 Disk 0 Windows XP default MBR code
    08:08:15.531 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 81933 MB offset 63
    08:08:15.562 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 70653 MB offset 167798925
    08:08:15.593 Disk 0 Partition 3 00 EF EFI FAT B 39 MB offset 312496380
    08:08:15.859 Disk 0 scanning sectors +312576705
    08:08:15.968 Disk 0 scanning C:\WINDOWS\system32\drivers
    08:08:22.781 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Smadow [Rtk]
    08:08:33.000 Disk 0 trace - called modules:
    08:08:33.031 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    08:08:33.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d15878]
    08:08:33.062 3 CLASSPNP.SYS[f7588fd7] -> nt!IofCallDriver -> \Device\00000069[0x86dc99e8]
    08:08:33.078 5 ACPI.sys[f741f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d74940]
    08:08:33.609 AVAST engine scan C:\WINDOWS
    08:08:44.593 AVAST engine scan C:\WINDOWS\system32
    08:12:09.234 AVAST engine scan C:\WINDOWS\system32\drivers
    08:12:15.890 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Smadow [Rtk]
    08:12:24.859 AVAST engine scan C:\Documents and Settings\default User.YOUR-X8YTBSNBLG
    08:14:03.406 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\MBR.dat"
    08:14:03.453 The log file has been saved successfully to "C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\aswMBR.txt"
    -------------------------------
    Bootkit

    I don't know what happened here but I accidentally clicked outside the box once the scan ran and the black box disappeared.

    I ran again:

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...


    I'm sure that is different to the first result. Hope that didn't stuff things up.

    Katy
     
  6. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  7. Katyjane

    Katyjane TS Rookie Topic Starter Posts: 26

    19:25:13.0281 1384 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
    19:25:14.0500 1384 ============================================================
    19:25:14.0500 1384 Current date / time: 2012/01/20 19:25:14.0500
    19:25:14.0500 1384 SystemInfo:
    19:25:14.0500 1384
    19:25:14.0500 1384 OS Version: 5.1.2600 ServicePack: 3.0
    19:25:14.0500 1384 Product type: Workstation
    19:25:14.0500 1384 ComputerName: YOUR-X8YTBSNBLG
    19:25:14.0500 1384 UserName: default User
    19:25:14.0500 1384 Windows directory: C:\WINDOWS
    19:25:14.0500 1384 System windows directory: C:\WINDOWS
    19:25:14.0500 1384 Processor architecture: Intel x86
    19:25:14.0500 1384 Number of processors: 2
    19:25:14.0500 1384 Page size: 0x1000
    19:25:14.0500 1384 Boot type: Normal boot
    19:25:14.0500 1384 ============================================================
    19:25:17.0187 1384 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    19:25:17.0250 1384 Initialize success
    19:25:21.0000 2148 ============================================================
    19:25:21.0000 2148 Scan started
    19:25:21.0000 2148 Mode: Manual;
    19:25:21.0000 2148 ============================================================
    19:25:31.0671 2148 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    19:25:31.0875 2148 \Device\Harddisk0\DR0 - ok
    19:25:31.0890 2148 Boot (0x1200) (795bfcdf9ba9aae457f2d30f1c01738c) \Device\Harddisk0\DR0\Partition0
    19:25:31.0890 2148 \Device\Harddisk0\DR0\Partition0 - ok
    19:25:31.0921 2148 Boot (0x1200) (6e470f945f16b50c8615bf502db83401) \Device\Harddisk0\DR0\Partition1
    19:25:31.0937 2148 \Device\Harddisk0\DR0\Partition1 - ok
    19:25:31.0937 2148 ============================================================
    19:25:31.0937 2148 Scan finished
    19:25:31.0937 2148 ============================================================
    19:25:31.0953 2180 Detected object count: 0
    19:25:31.0953 2180 Actual detected object count: 0
     
  8. Broni


    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. Broni


    Reopened.......
     
  10. Broni


    Copying from another topic.....


    Hi there,

    Broni has been helping me with removal of infection. I was away for a week and so the thread has been closed.

    In the meantime I have followed last instruction and run Combofix after uninstalling AVG free 2012 using AppRemover.

    Now that Combofix has run, can I reinstall an AV program? Any particular recommended (free ones?).

    I'm not after next steps - will wait for thread to be reopened, but I just need to work out the AV as I need to use my computer in the meantime and don't want to be unprotected.

    Please advise.

    Oh - Combofix log just in case that info is needed to answer this question:
    ComboFix 12-01-30.01 - default User 01/30/2012 19:38:15.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.691 [GMT 11:00]
    Running from: c:\documents and settings\default User.YOUR-X8YTBSNBLG\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
    c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
    c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
    c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
    c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
    c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini
    c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
    c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
    c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
    c:\documents and settings\default User.YOUR-X8YTBSNBLG\Local Settings\Application Data\assembly\tmp
    c:\program files\XviD-1.2.1-04122008.exe
    c:\windows\$NtUninstallKB29959$
    c:\windows\$NtUninstallKB29959$\282093015\@
    c:\windows\$NtUninstallKB29959$\282093015\bckfg.tmp
    c:\windows\$NtUninstallKB29959$\282093015\cfg.ini
    c:\windows\$NtUninstallKB29959$\282093015\Desktop.ini
    c:\windows\$NtUninstallKB29959$\282093015\keywords
    c:\windows\$NtUninstallKB29959$\282093015\kwrd.dll
    c:\windows\$NtUninstallKB29959$\282093015\L\ixnfowmi
    c:\windows\$NtUninstallKB29959$\282093015\U\00000001.@
    c:\windows\$NtUninstallKB29959$\282093015\U\00000002.@
    c:\windows\$NtUninstallKB29959$\282093015\U\00000004.@
    c:\windows\$NtUninstallKB29959$\282093015\U\80000000.@
    c:\windows\$NtUninstallKB29959$\282093015\U\80000004.@
    c:\windows\$NtUninstallKB29959$\282093015\U\80000032.@
    c:\windows\$NtUninstallKB29959$\3570862413
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-19 11:25 . 2012-01-19 11:25 -------- d-----w- c:\program files\Lavalys
    2012-01-19 10:35 . 2012-01-19 10:35 -------- d--h--w- c:\windows\PIF
    2012-01-18 10:57 . 2012-01-18 10:57 -------- d-----w- c:\documents and settings\default User.YOUR-X8YTBSNBLG\Application Data\Malwarebytes
    2012-01-18 10:57 . 2012-01-18 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-01-18 10:57 . 2012-01-18 10:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-18 10:57 . 2011-12-10 04:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-13 21:01 . 2012-01-18 09:01 -------- d-----w- c:\documents and settings\default User.YOUR-X8YTBSNBLG\Application Data\Yki
    2012-01-13 21:01 . 2012-01-18 07:50 -------- d-----w- c:\documents and settings\default User.YOUR-X8YTBSNBLG\Application Data\Ufhi
    2012-01-12 09:58 . 2012-01-12 10:09 -------- d-----w- c:\documents and settings\default User.YOUR-X8YTBSNBLG\Application Data\AVG
    2012-01-12 07:34 . 2012-01-30 08:02 -------- d-----w- c:\windows\system32\drivers\AVG
    2012-01-12 07:20 . 2012-01-30 08:02 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2012-01-11 14:05 . 2001-08-17 01:50 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
    2012-01-11 14:05 . 2001-08-17 03:56 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
    2012-01-11 14:05 . 2008-04-13 13:11 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
    2012-01-11 14:05 . 2001-08-17 11:36 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
    2012-01-11 14:05 . 2001-08-17 02:58 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
    2012-01-11 14:04 . 2001-08-17 01:12 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys
    2012-01-11 14:04 . 2001-08-17 02:52 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys
    2012-01-11 14:04 . 2001-08-17 01:19 48768 -c--a-w- c:\windows\system32\dllcache\maestro.sys
    2012-01-11 14:04 . 2001-08-17 11:36 58880 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll
    2012-01-11 14:04 . 2001-08-17 11:36 58368 -c--a-w- c:\windows\system32\dllcache\m3091dc.dll
    2012-01-11 14:04 . 2001-08-17 01:49 22848 -c--a-w- c:\windows\system32\dllcache\lwusbhid.sys
    2012-01-11 14:04 . 2008-04-13 11:09 20864 -c--a-w- c:\windows\system32\dllcache\lwadihid.sys
    2012-01-11 14:04 . 2001-08-17 02:28 797500 -c--a-w- c:\windows\system32\dllcache\ltsmt.sys
    2012-01-11 14:04 . 2001-08-17 02:28 802683 -c--a-w- c:\windows\system32\dllcache\ltsm.sys
    2012-01-11 14:04 . 2008-04-13 13:10 7040 -c--a-w- c:\windows\system32\dllcache\ltotape.sys
    2012-01-11 14:04 . 2008-04-13 12:53 420992 -c--a-w- c:\windows\system32\dllcache\ltmdmntt.sys
    2012-01-11 14:04 . 2001-08-17 02:28 576746 -c--a-w- c:\windows\system32\dllcache\ltmdmntl.sys
    2012-01-11 14:03 . 2008-04-13 12:53 606684 -c--a-w- c:\windows\system32\dllcache\ltmdmnt.sys
    2012-01-11 14:03 . 2001-08-17 02:28 727786 -c--a-w- c:\windows\system32\dllcache\ltck000c.sys
    2012-01-11 14:03 . 2001-08-17 02:53 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
    2012-01-11 14:03 . 2001-08-17 01:12 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
    2012-01-11 14:03 . 2001-08-17 01:12 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
    2012-01-11 14:03 . 2001-08-17 01:11 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
    2012-01-11 14:03 . 2001-08-17 02:51 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
    2012-01-11 14:03 . 2008-04-13 13:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
    2012-01-11 14:03 . 2001-08-17 01:12 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
    2012-01-11 14:03 . 2001-08-17 01:12 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
    2012-01-11 14:02 . 2001-08-17 11:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
    2012-01-11 14:02 . 2008-04-13 18:41 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
    2012-01-11 14:02 . 2008-04-13 18:41 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
    2012-01-11 14:02 . 2008-04-13 13:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
    2012-01-11 14:02 . 2001-08-17 02:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
    2012-01-11 14:02 . 2001-08-17 02:51 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
    2012-01-11 14:01 . 2008-04-13 18:41 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
    2012-01-11 14:01 . 2001-08-17 02:49 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
    2012-01-11 14:01 . 2008-04-13 18:42 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
    2012-01-11 14:01 . 2008-04-13 13:24 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
    2012-01-11 14:01 . 2001-08-17 01:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
    2012-01-11 14:01 . 2001-08-17 11:36 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
    2012-01-11 14:01 . 2001-08-17 02:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
    2012-01-11 14:01 . 2008-04-13 13:10 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
    2012-01-11 14:01 . 2001-08-17 02:47 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
    2012-01-11 14:01 . 2001-08-17 02:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
    2012-01-11 14:01 . 2008-04-14 12:00 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
    2012-01-11 14:00 . 2001-08-17 11:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
    2012-01-11 14:00 . 2001-08-17 03:06 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
    2012-01-11 14:00 . 2001-08-17 11:36 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
    2012-01-11 14:00 . 2001-08-17 11:36 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
    2012-01-11 14:00 . 2001-08-17 03:06 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
    2012-01-11 14:00 . 2001-08-17 11:36 61952 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll
    2012-01-11 14:00 . 2001-08-17 11:36 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
    2012-01-11 14:00 . 2001-08-17 11:36 26624 -c--a-w- c:\windows\system32\dllcache\icam3ext.dll
    2012-01-11 14:00 . 2001-08-17 03:05 141056 -c--a-w- c:\windows\system32\dllcache\icam3.sys
    2012-01-11 14:00 . 2001-08-17 03:06 38528 -c--a-w- c:\windows\system32\dllcache\ibmvcap.sys
    2012-01-11 13:58 . 2001-08-17 02:28 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
    2012-01-11 13:58 . 2001-08-17 02:28 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
    2012-01-11 13:58 . 2001-08-17 02:28 73279 -c--a-w- c:\windows\system32\dllcache\hsf_spkp.sys
    2012-01-11 13:58 . 2001-08-17 02:28 44863 -c--a-w- c:\windows\system32\dllcache\hsf_soar.sys
    2012-01-11 13:58 . 2001-08-17 02:28 57471 -c--a-w- c:\windows\system32\dllcache\hsf_samp.sys
    2012-01-11 13:58 . 2001-08-17 02:28 542879 -c--a-w- c:\windows\system32\dllcache\hsf_msft.sys
    2012-01-11 13:58 . 2001-08-17 02:28 391199 -c--a-w- c:\windows\system32\dllcache\hsf_k56k.sys
    2012-01-11 13:58 . 2001-08-17 11:36 9759 -c--a-w- c:\windows\system32\dllcache\hsf_inst.dll
    2012-01-11 13:58 . 2001-08-17 02:28 115807 -c--a-w- c:\windows\system32\dllcache\hsf_fsks.sys
    2012-01-11 13:58 . 2001-08-17 02:28 199711 -c--a-w- c:\windows\system32\dllcache\hsf_faxx.sys
    2012-01-11 13:58 . 2001-08-17 02:28 289887 -c--a-w- c:\windows\system32\dllcache\hsf_fall.sys
    2012-01-11 13:58 . 2001-08-17 02:28 67167 -c--a-w- c:\windows\system32\dllcache\hsf_bsc2.sys
    2012-01-11 13:57 . 2001-08-17 02:28 150239 -c--a-w- c:\windows\system32\dllcache\hsf_amos.sys
    2012-01-11 13:57 . 2001-08-17 11:36 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
    2012-01-11 13:57 . 2001-08-17 02:52 5760 -c--a-w- c:\windows\system32\dllcache\hpt4qic.sys
    2012-01-11 13:57 . 2001-08-17 11:36 13312 -c--a-w- c:\windows\system32\dllcache\hpsjmcro.dll
    2012-01-11 13:57 . 2001-08-17 11:36 324608 -c--a-w- c:\windows\system32\dllcache\hpojwia.dll
    2012-01-11 13:57 . 2001-08-17 03:07 25952 -c--a-w- c:\windows\system32\dllcache\hpn.sys
    2012-01-11 13:57 . 2001-08-17 11:36 32768 -c--a-w- c:\windows\system32\dllcache\hpgtmcro.dll
    2012-01-11 13:57 . 2001-08-17 11:36 68608 -c--a-w- c:\windows\system32\dllcache\hpgt53tk.dll
    2012-01-11 13:57 . 2001-08-17 11:36 165888 -c--a-w- c:\windows\system32\dllcache\hpgt53.dll
    2012-01-11 13:57 . 2001-08-17 11:36 31232 -c--a-w- c:\windows\system32\dllcache\hpgt42tk.dll
    2012-01-11 13:57 . 2001-08-17 11:36 93696 -c--a-w- c:\windows\system32\dllcache\hpgt42.dll
    2012-01-11 13:55 . 2001-08-17 02:51 82304 -c--a-w- c:\windows\system32\dllcache\grclass.sys
    2012-01-11 13:55 . 2001-08-17 02:51 17408 -c--a-w- c:\windows\system32\dllcache\gpr400.sys
    2012-01-11 13:55 . 2008-04-13 13:15 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys
    2012-01-11 13:55 . 2008-04-13 13:15 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys
    2012-01-11 13:55 . 2008-04-13 13:06 46464 -c--a-w- c:\windows\system32\dllcache\gagp30kx.sys
    2012-01-11 13:55 . 2001-08-17 01:49 322432 -c--a-w- c:\windows\system32\dllcache\g400m.sys
    2012-01-11 13:55 . 2001-08-17 03:56 1733120 -c--a-w- c:\windows\system32\dllcache\g400d.dll
    2012-01-11 13:55 . 2001-08-17 01:49 320384 -c--a-w- c:\windows\system32\dllcache\g200m.sys
    2012-01-11 13:55 . 2001-08-17 03:56 470144 -c--a-w- c:\windows\system32\dllcache\g200d.dll
    2012-01-11 13:55 . 2001-08-17 01:15 454912 -c--a-w- c:\windows\system32\dllcache\fxusbase.sys
    2012-01-11 13:55 . 2001-08-17 11:36 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
    2012-01-11 13:55 . 2001-08-17 01:15 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
    2012-01-11 13:54 . 2001-08-17 01:15 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
    2012-01-11 13:54 . 2001-08-17 01:15 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
    2012-01-11 13:54 . 2001-08-17 01:14 441728 -c--a-w- c:\windows\system32\dllcache\fpcmbase.sys
    2012-01-11 13:54 . 2001-08-17 01:14 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys
    2012-01-11 13:54 . 2008-04-13 11:05 34173 -c--a-w- c:\windows\system32\dllcache\forehe.sys
    2012-01-11 13:54 . 2001-08-17 11:36 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
    2012-01-11 13:54 . 2001-08-17 01:13 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
    2012-01-11 13:54 . 2001-08-17 01:10 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
    2012-01-11 13:54 . 2001-08-17 01:12 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys
    2012-01-11 13:54 . 2001-08-17 01:12 16074 -c--a-w- c:\windows\system32\dllcache\fa312nd5.sys
    2012-01-11 13:52 . 2001-08-17 01:19 72192 -c--a-w- c:\windows\system32\dllcache\es1969.sys
    2012-01-11 13:51 . 2001-08-17 01:11 171520 -c--a-w- c:\windows\system32\dllcache\el99xn51.sys
    2012-01-11 13:50 . 2001-08-17 03:07 20192 -c--a-w- c:\windows\system32\dllcache\dpti2o.sys
    2012-01-11 13:49 . 2001-08-17 11:36 614429 -c--a-w- c:\windows\system32\dllcache\digiview.exe
    2012-01-11 13:48 . 2001-08-17 01:12 63208 -c--a-w- c:\windows\system32\dllcache\dc21x4.sys
    2012-01-11 13:47 . 2001-08-17 01:19 6912 -c--a-w- c:\windows\system32\dllcache\ctlfacem.sys
    2012-01-11 13:46 . 2001-08-17 01:13 27164 -c--a-w- c:\windows\system32\dllcache\ce3n5.sys
    2012-01-11 13:45 . 2001-08-17 02:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
    2012-01-11 13:44 . 2008-04-13 18:41 17279 -c--a-w- c:\windows\system32\dllcache\atv10nt5.dll
    2012-01-11 13:43 . 2001-08-17 03:56 137216 -c--a-w- c:\windows\system32\dllcache\atidrae.dll
    2012-01-11 13:42 . 2008-04-13 18:41 3775 -c--a-w- c:\windows\system32\dllcache\adv11nt5.dll
    2012-01-10 12:31 . 2012-01-10 12:31 -------- d-----w- c:\documents and settings\default User.YOUR-X8YTBSNBLG\Local Settings\Application Data\SanctionedMedia
    2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-23 13:25 . 2008-06-27 05:13 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20 . 2008-06-27 05:13 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2008-06-27 05:13 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2008-06-27 05:13 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2008-06-27 05:13 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-01 16:07 . 2008-06-27 05:13 1288704 ----a-w- c:\windows\system32\ole32.dll
    2010-08-13 02:24 . 2010-08-13 02:24 567624 ----a-w- c:\program files\GoogleEarthSetup.exe
    2010-03-21 11:14 . 2010-03-21 11:14 1098920 ----a-w- c:\program files\yahoomailuploader_0.5.exe
    2010-03-10 03:52 . 2010-03-10 03:52 607584 ----a-w- c:\program files\RMITAU-SecureW2.exe
    2009-06-17 17:30 . 2010-07-27 12:12 2525169 ----a-w- c:\program files\JPG-to-PDF-Converter-Setup.exe
    2008-10-06 18:29 . 2008-12-23 04:57 1851544 ----a-w- c:\program files\install_flash_player.exe
    2008-05-07 23:34 . 2008-06-27 06:48 15523560 ----a-w- c:\program files\U1 Setup.exe
    2010-02-13 12:30 . 2009-08-05 00:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
    "AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-06-03 98304]
    "AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232]
    "AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
    "RTHDCPL"="RTHDCPL.EXE" [2008-07-16 16806400]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    SuperHybridEngine.lnk - c:\program files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2008-7-23 303104]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-15 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-06-07 07:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2009-07-26 05:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2012-01-10 12:37 4616064 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
    "c:\\Program Files\\IEPro\\MiniDM.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "%windir%\explorer.exe"= %windir%\explorer.exe
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/18/2010 5:25 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 5:41 AM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [5/5/2011 4:54 AM 116608]
    R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [6/27/2008 4:36 PM 625024]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/13/2010 3:06 PM 136176]
    S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/5/2009 11:36 AM 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/13/2010 3:06 PM 136176]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 07:57]
    .
    2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-13 04:05]
    .
    2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-13 04:05]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://eeepc.asus.com/global
    uInternet Settings,ProxyServer = proxy.tpg.com.au:3128
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/AU/Core/Player/2020PlayerAX_IKEA_Win32.cab
    FF - ProfilePath - c:\documents and settings\default User.YOUR-X8YTBSNBLG\Application Data\Mozilla\Firefox\Profiles\km1zlqrx.default\
    FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com.au/
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=ab&ychte=us&q=
    FF - prefs.js: network.proxy.ftp - 10.12.0.1
    FF - prefs.js: network.proxy.ftp_port - 8080
    FF - prefs.js: network.proxy.gopher - 10.12.0.1
    FF - prefs.js: network.proxy.gopher_port - 8080
    FF - prefs.js: network.proxy.http - 10.12.0.1
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.socks - 10.12.0.1
    FF - prefs.js: network.proxy.socks_port - 8080
    FF - prefs.js: network.proxy.ssl - 10.12.0.1
    FF - prefs.js: network.proxy.ssl_port - 8080
    FF - prefs.js: network.proxy.type - 4
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: English (Australian) Dictionary: en-AU@dictionaries.addons.mozilla.org - %profile%\extensions\en-AU@dictionaries.addons.mozilla.org
    FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com
    FF - Ext: 20-20 3D Viewer - IKEA: 2020Player_IKEA@2020Technologies.com - %profile%\extensions\2020Player_IKEA@2020Technologies.com
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-{301496E7-380D-83E4-99E3-A828578AB168} - c:\documents and settings\default User.YOUR-X8YTBSNBLG\Application Data\Yki\wavipao.exe
    Notify-TPSvc - TPSvc.dll
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    AddRemove-{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1 - c:\program files\AVG\AVG PC Tuneup\unins000.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-30 19:55
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,69,30,ed,5b,eb,80,4f,92,63,ec, \
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,69,30,ed,5b,eb,80,4f,92,63,ec, \
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(588)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(1656)
    c:\windows\system32\WININET.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\IEFRAME.dll
    c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
    c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    c:\windows\IME\SPGRMR.DLL
    c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\igfxext.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-30 20:00:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-30 09:00
    .
    Pre-Run: 22,959,644,672 bytes free
    Post-Run: 24,144,855,040 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 2ED1B25B040356FF819A67D8A70B199A
     
  11. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Open Windows Explorer. Go to Tools>Folder Options>View tab, put a checkmark next to Show hidden files and folders, and UN-check Hide protected operating system files.
    NOTE. Make sure to reverse the above changes when done with this step.
    Upload the following files to http://www.virustotal.com/ for security check:
    - C:\WINDOWS\system32\drivers\mrxsmb.sys
    If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.
     
     
  12. Katyjane

    Katyjane TS Rookie Topic Starter Posts: 26

    Hi Broni and thanks for reopening thread.

    See below.
    Is there any need to also scan mrxdav.sys?

    Also - my Windows Automatic Updates is asking me to update. Should I? Or is this a nasty rootkit trick???

    Scan results:

    SHA256: 2a7cb008799d1e1a078f306999694b5477022436065d6f3252662f77217fb371
    File name: mrxsmb.sys
    Detection ratio: 23 / 43
    Analysis date: 2012-01-31 07:12:52 UTC ( 0 minutes ago )
    Antivirus Result Update
    AhnLab-V3 - 20120130
    AntiVir TR/Rootkit.Gen2 20120131
    Antiy-AVL Virus/Win32.ZAccess.gen 20120130
    Avast Win32:Smadow [Rtk] 20120131
    AVG Dropper.Generic5.TOP 20120130
    BitDefender Gen:Variant.Graftor.13001 20120131
    ByteHero - 20120128
    CAT-QuickHeal - 20120131
    ClamAV - 20120131
    Commtouch - 20120130
    Comodo - 20120128
    DrWeb - 20120131
    Emsisoft Rootkit.Win32.ZAccess!IK 20120131
    eSafe - 20120130
    eTrust-Vet - 20120130
    F-Prot - 20120130
    F-Secure Gen:Variant.Graftor.13001 20120131
    Fortinet W32/ZAccess.H!tr.rkit 20120131
    GData Gen:Variant.Graftor.13001 20120131
    Ikarus Rootkit.Win32.ZAccess 20120131
    Jiangmin - 20120131
    K7AntiVirus Riskware 20120130
    Kaspersky Virus.Win32.ZAccess.l 20120131
    McAfee ZeroAccess.bq 20120131
    McAfee-GW-Edition ZeroAccess.bq 20120131
    Microsoft TrojanDropper:Win32/Sirefef.B 20120130
    NOD32 Win32/Sirefef.DA 20120131
    Norman - 20120130
    nProtect Gen:Variant.Graftor.13001 20120130
    Panda Generic Trojan 20120130
    PCTools Trojan.Zeroaccess 20120131
    Prevx - 20120131
    Rising - 20120118
    Sophos - 20120131
    SUPERAntiSpyware - 20120131
    Symantec Trojan.Zeroaccess!inf 20120131
    TheHacker - 20120130
    TrendMicro - 20120131
    TrendMicro-HouseCall - 20120131
    VBA32 Rootkit.Maxplus.2312 20120130
    VIPRE Trojan.Win32.Generic!BT 20120131
    ViRobot - 20120131
    VirusBuster Trojan.Sirefef!8fP4ZLKW+3A 20120130
     
  13. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      mrxsmb.sys
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  14. Katyjane

    Katyjane TS Rookie Topic Starter Posts: 26

    System look

    SystemLook 30.07.11 by jpshortstuff
    Log created at 21:57 on 01/02/2012 by default User
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "mrxsmb.sys"
    C:\WINDOWS\$hf_mig$\KB2511455\SP3QFE\mrxsmb.sys --a---- 457472 bytes [12:12 14/04/2011] [13:19 17/02/2011] FB7DFD15D760AD339837A470F0E780D3
    C:\WINDOWS\$hf_mig$\KB2536276\SP3QFE\mrxsmb.sys --a---- 457856 bytes [13:15 17/06/2011] [16:47 29/04/2011] 8DD801E28EB76FDA2A38907882A0036F
    C:\WINDOWS\$hf_mig$\KB2536276-v2\SP3QFE\mrxsmb.sys --a---- 457856 bytes [22:14 14/08/2011] [13:29 15/07/2011] FB2FCCC70F7174C7BF64F48E96D3ADF4
    C:\WINDOWS\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys --a---- 455936 bytes [02:20 12/12/2008] [11:41 24/10/2008] 7170AB42B51954DEF2781A4D1CCE65F4
    C:\WINDOWS\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys --a---- 456832 bytes [01:40 11/02/2010] [17:25 04/12/2009] 602549D1E8A622E5746991F6C56B21CA
    C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys --a---- 457216 bytes [00:32 14/04/2010] [11:57 24/02/2010] D09B9F0B9960DD41E73127B7814C115F
    C:\WINDOWS\Driver Cache\i386\mrxsmb.sys ------- 456320 bytes [02:20 12/12/2008] [13:29 15/07/2011] 7D304A5EB4344EBEEAB53A2FE3FFB9F0
    C:\WINDOWS\system32\dllcache\mrxsmb.sys --a--c- 456320 bytes [02:20 12/12/2008] [13:29 15/07/2011] 7D304A5EB4344EBEEAB53A2FE3FFB9F0
    C:\WINDOWS\system32\drivers\mrxsmb.sys --a---- 456320 bytes [02:20 12/12/2008] [13:29 15/07/2011] 7D4E5E3FB05DB5406F8661C0EEC4AB50

    -= EOF =-
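
The SystemLook result above lists nine copies of mrxsmb.sys. The following check is an added example, not part of the thread or of any tool mentioned in it: it parses those result lines and flags any copy whose MD5 differs from other copies reporting the same name, size and timestamps. The function names are hypothetical and the sample lines are copied from the log above.

```python
import ntpath
import re
from collections import Counter, defaultdict

# Constructed sample: result lines copied from the SystemLook log in the post above.
SAMPLE_LOG = r"""
Searching for "mrxsmb.sys"
C:\WINDOWS\$hf_mig$\KB2511455\SP3QFE\mrxsmb.sys --a---- 457472 bytes [12:12 14/04/2011] [13:19 17/02/2011] FB7DFD15D760AD339837A470F0E780D3
C:\WINDOWS\$hf_mig$\KB2536276\SP3QFE\mrxsmb.sys --a---- 457856 bytes [13:15 17/06/2011] [16:47 29/04/2011] 8DD801E28EB76FDA2A38907882A0036F
C:\WINDOWS\$hf_mig$\KB2536276-v2\SP3QFE\mrxsmb.sys --a---- 457856 bytes [22:14 14/08/2011] [13:29 15/07/2011] FB2FCCC70F7174C7BF64F48E96D3ADF4
C:\WINDOWS\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys --a---- 455936 bytes [02:20 12/12/2008] [11:41 24/10/2008] 7170AB42B51954DEF2781A4D1CCE65F4
C:\WINDOWS\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys --a---- 456832 bytes [01:40 11/02/2010] [17:25 04/12/2009] 602549D1E8A622E5746991F6C56B21CA
C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys --a---- 457216 bytes [00:32 14/04/2010] [11:57 24/02/2010] D09B9F0B9960DD41E73127B7814C115F
C:\WINDOWS\Driver Cache\i386\mrxsmb.sys ------- 456320 bytes [02:20 12/12/2008] [13:29 15/07/2011] 7D304A5EB4344EBEEAB53A2FE3FFB9F0
C:\WINDOWS\system32\dllcache\mrxsmb.sys --a--c- 456320 bytes [02:20 12/12/2008] [13:29 15/07/2011] 7D304A5EB4344EBEEAB53A2FE3FFB9F0
C:\WINDOWS\system32\drivers\mrxsmb.sys --a---- 456320 bytes [02:20 12/12/2008] [13:29 15/07/2011] 7D4E5E3FB05DB5406F8661C0EEC4AB50
-= EOF =-
"""

# path, 7-character attribute field, size, the two bracketed timestamps as
# printed by the tool, then the MD5. Paths may contain spaces ("Driver Cache").
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<stamp1>[^\]]+)\]\s+\[(?P<stamp2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(text):
    """Return one dict per file line; headers and footers are skipped."""
    records = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            rec = match.groupdict()
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            records.append(rec)
    return records


def find_hash_outliers(records):
    """Flag copies whose MD5 disagrees with same-name, same-size, same-timestamp copies.

    Files that agree on all of that metadata are expected to be byte-identical,
    so a differing hash means one of them was modified without the metadata
    changing. The majority hash is only a baseline for comparison, not proof
    that those copies are clean. On a tie every member is flagged.
    """
    groups = defaultdict(list)
    for rec in records:
        key = (ntpath.basename(rec["path"]).lower(), rec["size"],
               rec["stamp1"], rec["stamp2"])
        groups[key].append(rec)

    findings = []
    for members in groups.values():
        counts = Counter(rec["md5"] for rec in members)
        if len(counts) < 2:
            continue  # single copy, or all copies agree
        ranked = counts.most_common()
        tie = ranked[0][1] == ranked[1][1]
        baseline = None if tie else ranked[0][0]
        for rec in members:
            if rec["md5"] != baseline:
                findings.append({"path": rec["path"], "md5": rec["md5"],
                                 "baseline_md5": baseline})
    return findings


if __name__ == "__main__":
    for hit in find_hash_outliers(parse_filefind(SAMPLE_LOG)):
        print(hit["path"], hit["md5"], "differs from", hit["baseline_md5"])
```
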
     
  15. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys | C:\WINDOWS\system32\drivers\mrxsmb.sys
    C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys | C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
    C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys | C:\WINDOWS\system32\dllcache\mrxsmb.sys
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt

    Post new aswMBR log as well.
     
  16. Katyjane

    Katyjane TS Rookie Topic Starter Posts: 26

    Hi Broni,

    I had to leave the room when combofix was doing its thing, and when I came back there were no windows open only the desktop showing, and no new txt files.

    I restarted. No new windows or scans or text files. There does not appear to be a new Combofix log. Would a new aswMBR come up automatically or do I need to run aswMBR.exe again?

    Tonight when I started up my computer for the first time it again froze on the "welcome" screen - did not go through to startup. What causes this? I restarted by holding down the power button, and starting it again, and it booted up fine. Sometimes it doesn't. Do you have any idea why this happens and what I can do to rectify the problem?

    I note that I do not have any AV on my computer since removing AVG free 2012 before I did the first combofix scan. Apart from that I only have the free Malwarebytes and free SUPERAntiSpyware (which I think I should remove anyway).

    kate
     
  17. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Re-run Combofix fix.
     
  18. Katyjane

    Katyjane TS Rookie Topic Starter Posts: 26

    I tried to re-run combofix by dragging the script in again, and the window flashed up for about a second only before closing again.

    Tried to run just by double clicking on combofix.exe and it did the same thing.

    Restarted in Safe Mode - no joy either.
     
  19. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Post new aswMBR log.
     
  20. Katyjane

    Katyjane TS Rookie Topic Starter Posts: 26

    aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-04 09:02:11
    -----------------------------
    09:02:11.656 OS Version: Windows 5.1.2600 Service Pack 3
    09:02:11.656 Number of processors: 2 586 0x1C02
    09:02:11.656 ComputerName: YOUR-X8YTBSNBLG UserName: default User
    09:02:12.281 Initialize success
    09:18:05.421 AVAST engine defs: 12020301
    09:18:19.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    09:18:19.828 Disk 0 Vendor: ST9160827AS 3.AAA Size: 152627MB BusType: 3
    09:18:19.843 Disk 0 MBR read successfully
    09:18:19.859 Disk 0 MBR scan
    09:18:19.906 Disk 0 Windows XP default MBR code
    09:18:19.906 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 81933 MB offset 63
    09:18:19.937 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 70653 MB offset 167798925
    09:18:19.968 Disk 0 Partition 3 00 EF EFI FAT B 39 MB offset 312496380
    09:18:20.093 Disk 0 scanning sectors +312576705
    09:18:20.171 Disk 0 scanning C:\WINDOWS\system32\drivers
    09:18:24.187 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Smadow [Rtk]
    09:18:28.718 Disk 0 trace - called modules:
    09:18:28.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    09:18:28.765 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d13ab8]
    09:18:28.765 3 CLASSPNP.SYS[f7588fd7] -> nt!IofCallDriver -> \Device\00000065[0x86d6d948]
    09:18:28.781 5 ACPI.sys[f741f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d6dd98]
    09:18:29.265 AVAST engine scan C:\WINDOWS
    09:18:37.437 AVAST engine scan C:\WINDOWS\system32
    09:20:45.234 AVAST engine scan C:\WINDOWS\system32\drivers
    09:20:50.046 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Smadow [Rtk]
    09:20:57.359 AVAST engine scan C:\Documents and Settings\default User.YOUR-X8YTBSNBLG
    09:31:58.875 AVAST engine scan C:\Documents and Settings\All Users
    09:33:45.859 Scan finished successfully
    09:35:40.812 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\MBR.dat"
    09:35:40.843 The log file has been saved successfully to "C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\aswMBR-2.txt"
     
  21. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Download BlitzBlank and save it to your desktop.
    Double click on Blitzblank.exe

    • Click OK at the warning.
    • Click the Script tab and copy/paste the following text there:
    Code:
    CopyFile:
    C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys C:\WINDOWS\system32\drivers\mrxsmb.sys
    C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys "C:\WINDOWS\Driver Cache\i386\mrxsmb.sys"
    C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys C:\WINDOWS\system32\dllcache\mrxsmb.sys
    
    • Click Execute Now. Your computer will need to reboot in order to replace the files.
    • When done, post the report created by Blitzblank.
      You can find it in the root of the drive, normally C:\
     
  22. Katyjane

    Katyjane TS Rookie Topic Starter Posts: 26

    BlitzBlank 1.0.0.32

    File/Registry Modification Engine native application
    CopyFileOnReboot: sourceFile = "\??\c:\windows\$hf_mig$\kb980232\sp3qfe\mrxsmb.sys", destinationFile = "\??\c:\windows\system32\drivers\mrxsmb.sys"
    CopyFileOnReboot: sourceFile = "\??\c:\windows\$hf_mig$\kb980232\sp3qfe\mrxsmb.sys", destinationFile = "\??\c:\windows\driver cache\i386\mrxsmb.sys"
    CopyFileOnReboot: sourceFile = "\??\c:\windows\$hf_mig$\kb980232\sp3qfe\mrxsmb.sys", destinationFile = "\??\c:\windows\system32\dllcache\mrxsmb.sys"
     
  23. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Good :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  24. Katyjane

    Katyjane TS Rookie Topic Starter Posts: 26

    OTL part 1

    OTL.Txt


    OTL logfile created on: 2/5/2012 8:22:52 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1015.17 Mb Total Physical Memory | 683.20 Mb Available Physical Memory | 67.30% Memory free
    2.38 Gb Paging File | 2.17 Gb Available in Paging File | 91.05% Paging File free
    Paging file location(s): C:\pagefile.sys 1522 1522 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 80.01 Gb Total Space | 22.61 Gb Free Space | 28.26% Space Free | Partition Type: NTFS
    Drive D: | 69.00 Gb Total Space | 16.92 Gb Free Space | 24.52% Space Free | Partition Type: NTFS

    Computer Name: YOUR-X8YTBSNBLG | User Name: default User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/05 08:21:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\OTL.exe
    PRC - [2012/01/10 23:37:03 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    PRC - [2008/07/01 02:18:32 | 000,303,104 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    PRC - [2008/06/04 07:43:56 | 000,098,304 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsTray.exe
    PRC - [2008/06/04 06:34:38 | 000,479,232 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    PRC - [2008/05/21 19:56:24 | 000,094,208 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    PRC - [2008/04/14 23:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/01/05 13:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2009/09/12 05:04:18 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\ml285pl3.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2012/01/10 23:37:03 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2007/01/05 13:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/08/15 22:06:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/08/15 22:06:21 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2008/07/16 21:52:00 | 004,747,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/04/15 14:14:02 | 000,990,632 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2008/04/15 14:13:58 | 000,534,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2008/03/29 11:38:16 | 000,625,024 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
    DRV - [2008/03/27 20:18:12 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2008/03/11 22:37:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
    DRV - [2008/03/10 21:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
    DRV - [2008/02/04 20:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2007/09/20 14:59:14 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2007/07/27 14:00:38 | 000,011,264 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1806030720-1702115063-398037475-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
    IE - HKU\S-1-5-21-1806030720-1702115063-398037475-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1806030720-1702115063-398037475-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKU\S-1-5-21-1806030720-1702115063-398037475-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.tpg.com.au:3128

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://mail.yahoo.com.au/"
    FF - prefs.js..extensions.enabledItems: en-AU@dictionaries.addons.mozilla.org:2.1.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: 2020Player_IKEA@2020Technologies.com:5.0.7.0
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1894
    FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=ab&ychte=us&q="
    FF - prefs.js..network.proxy.ftp: "10.12.0.1"
    FF - prefs.js..network.proxy.ftp_port: 8080
    FF - prefs.js..network.proxy.gopher: "10.12.0.1"
    FF - prefs.js..network.proxy.gopher_port: 8080
    FF - prefs.js..network.proxy.http: "10.12.0.1"
    FF - prefs.js..network.proxy.http_port: 8080
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "10.12.0.1"
    FF - prefs.js..network.proxy.socks_port: 8080
    FF - prefs.js..network.proxy.ssl: "10.12.0.1"
    FF - prefs.js..network.proxy.ssl_port: 8080
    FF - prefs.js..network.proxy.type: 4


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/14 08:25:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/14 08:25:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/27 20:17:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2008/12/22 12:02:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\Mozilla\Extensions
    [2012/01/30 18:48:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\Mozilla\Firefox\Profiles\km1zlqrx.default\extensions
    [2011/05/30 20:16:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\Mozilla\Firefox\Profiles\km1zlqrx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2011/05/30 20:16:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\Mozilla\Firefox\Profiles\km1zlqrx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
    [2011/05/30 20:17:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\Mozilla\Firefox\Profiles\km1zlqrx.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    [2011/05/30 20:16:52 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\Mozilla\Firefox\Profiles\km1zlqrx.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(2)
    [2011/05/01 15:42:33 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\Mozilla\Firefox\Profiles\km1zlqrx.default\extensions\2020Player@2020Technologies.com
    [2011/10/02 13:04:44 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\Mozilla\Firefox\Profiles\km1zlqrx.default\extensions\2020Player_IKEA@2020Technologies.com
    [2010/08/31 22:55:41 | 000,000,000 | ---D | M] (English (Australian) Dictionary) -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\Mozilla\Firefox\Profiles\km1zlqrx.default\extensions\en-AU@dictionaries.addons.mozilla.org
    [2011/05/29 22:34:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\Mozilla\Firefox\Profiles\km1zlqrx.default\extensions\staged-xpis(2)
    [2012/01/30 18:48:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/09/04 15:47:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2011/03/05 15:15:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/07/01 23:37:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
    [2009/03/11 00:03:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/03/15 23:58:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/05/04 05:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
    CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/complete/search?q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
    CHR - Extension: Google Search = C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: 20-20 3D Viewer for IKEA = C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.7.0_0\
    CHR - Extension: Gmail = C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/01/30 19:55:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
    O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
    O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SuperHybridEngine.lnk = C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1806030720-1702115063-398037475-1006\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-1806030720-1702115063-398037475-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1806030720-1702115063-398037475-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1806030720-1702115063-398037475-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
    O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
    O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
    O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-1806030720-1702115063-398037475-1006\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-1806030720-1702115063-398037475-1006\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/AU/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1229040912093 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1229040817312 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F47B02A0-6225-4C9E-AD19-C3B7F6D9B2F9}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/06/27 16:28:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
     
  25. Katyjane

    Katyjane TS Rookie Topic Starter Posts: 26

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/05 08:21:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\OTL.exe
    [2012/02/04 22:51:37 | 001,153,912 | ---- | C] (Emsi Software GmbH) -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\BlitzBlank.exe
    [2012/02/02 20:24:40 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/01/30 19:18:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/01/30 19:15:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/01/30 19:15:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/01/30 19:15:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/01/30 19:15:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/01/30 19:15:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/01/30 19:15:12 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/30 18:44:51 | 009,200,064 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\AppRemover.exe
    [2012/01/20 19:23:25 | 002,054,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\tdsskiller.exe
    [2012/01/20 08:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\bootkit_remover
    [2012/01/20 07:39:53 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\aswMBR.exe
    [2012/01/19 22:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavalys
    [2012/01/19 22:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
    [2012/01/19 22:23:20 | 004,179,293 | ---- | C] (Lavalys, Inc. ) -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\everesthome220.exe
    [2012/01/19 21:42:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Start Menu\Programs\Administrative Tools
    [2012/01/19 21:35:38 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\dds.pif
    [2012/01/19 21:35:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2012/01/18 21:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\Malwarebytes
    [2012/01/18 21:57:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/18 21:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/01/18 21:57:03 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/01/18 21:57:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/01/18 21:34:38 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\mbam-setup-1.60.0.1800.exe
    [2012/01/14 08:01:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\Yki
    [2012/01/14 08:01:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\Ufhi
    [2012/01/12 20:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\AVG
    [2012/01/12 20:56:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup
    [2012/01/12 20:54:51 | 008,351,256 | ---- | C] (AVG ) -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\avg_pct_stf_all_10_27.exe
    [2012/01/12 18:34:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
    [2012/01/12 18:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2012/01/12 01:35:30 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
    [2012/01/12 01:35:23 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
    [2012/01/12 01:35:00 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
    [2012/01/12 01:34:53 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
    [2012/01/12 01:34:18 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
    [2012/01/12 01:34:12 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
    [2012/01/12 01:33:56 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
    [2012/01/12 01:33:20 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
    [2012/01/12 01:32:49 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
    [2012/01/12 01:32:42 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
    [2012/01/12 01:32:35 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
    [2012/01/12 01:32:28 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
    [2012/01/12 01:32:20 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
    [2012/01/12 01:32:12 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
    [2012/01/12 01:32:05 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
    [2012/01/12 01:31:35 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
    [2012/01/12 01:31:03 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
    [2012/01/12 01:30:56 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
    [2012/01/12 01:30:49 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
    [2012/01/12 01:30:36 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
    [2012/01/12 01:29:54 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
    [2012/01/12 01:29:24 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
    [2012/01/12 01:29:16 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
    [2012/01/12 01:28:48 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
    [2012/01/12 01:28:42 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
    [2012/01/12 01:28:36 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
    [2012/01/12 01:28:31 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
    [2012/01/12 01:28:25 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
    [2012/01/12 01:28:19 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
    [2012/01/12 01:27:29 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
    [2012/01/12 01:27:22 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
    [2012/01/12 01:27:15 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
    [2012/01/12 01:27:13 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
    [2012/01/12 01:27:06 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
    [2012/01/12 01:27:00 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
    [2012/01/12 01:26:38 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
    [2012/01/12 01:26:32 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
    [2012/01/12 01:25:13 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
    [2012/01/12 01:25:07 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
    [2012/01/12 01:25:01 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
    [2012/01/12 01:24:54 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
    [2012/01/12 01:24:45 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
    [2012/01/12 01:24:07 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
    [2012/01/12 01:23:15 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
    [2012/01/12 01:23:09 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
    [2012/01/12 01:23:02 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
    [2012/01/12 01:22:56 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
    [2012/01/12 01:22:51 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
    [2012/01/12 01:22:01 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
    [2012/01/12 01:21:56 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
    [2012/01/12 01:21:50 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
    [2012/01/12 01:21:35 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
    [2012/01/12 01:20:45 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
    [2012/01/12 01:20:38 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
    [2012/01/12 01:20:33 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
    [2012/01/12 01:20:27 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
    [2012/01/12 01:19:43 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
    [2012/01/12 01:19:30 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
    [2012/01/12 01:19:25 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
    [2012/01/12 01:18:56 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
    [2012/01/12 01:18:49 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
    [2012/01/12 01:18:43 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
    [2012/01/12 01:18:37 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
    [2012/01/12 01:18:32 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
    [2012/01/12 01:18:26 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
    [2012/01/12 01:18:20 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
    [2012/01/12 01:18:15 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
    [2012/01/12 01:18:09 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
    [2012/01/12 01:17:56 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
    [2012/01/12 01:17:50 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
    [2012/01/12 01:17:47 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
    [2012/01/12 01:17:45 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
    [2012/01/12 01:17:21 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
    [2012/01/12 01:17:09 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
    [2012/01/12 01:17:01 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
    [2012/01/12 01:16:53 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
    [2012/01/12 01:16:26 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
    [2012/01/12 01:16:20 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
    [2012/01/12 01:15:25 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
    [2012/01/12 01:15:19 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
    [2012/01/12 01:15:12 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
    [2012/01/12 01:14:49 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
    [2012/01/12 01:13:14 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
    [2012/01/12 01:12:48 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
    [2012/01/12 01:12:47 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
    [2012/01/12 01:12:40 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
    [2012/01/12 01:11:23 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
    [2012/01/12 01:11:18 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
    [2012/01/12 01:11:13 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
    [2012/01/12 01:11:07 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
    [2012/01/12 01:10:33 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
    [2012/01/12 01:10:12 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
    [2012/01/12 01:10:07 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
    [2012/01/12 01:09:57 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
    [2012/01/12 01:09:39 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
    [2012/01/12 01:09:32 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
    [2012/01/12 01:09:15 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
    [2012/01/12 01:09:09 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
    [2012/01/12 01:09:03 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
    [2012/01/12 01:08:57 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
    [2012/01/12 01:08:50 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
    [2012/01/12 01:08:44 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
    [2012/01/12 01:08:25 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
    [2012/01/12 01:08:19 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
    [2012/01/12 01:08:13 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
    [2012/01/12 01:08:06 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
    [2012/01/12 01:08:00 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
    [2012/01/12 01:06:10 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
    [2012/01/12 01:04:58 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
    [2012/01/12 01:04:15 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
    [2012/01/12 01:04:09 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
    [2012/01/12 01:04:06 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
    [2012/01/12 01:04:00 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
    [2012/01/12 01:03:59 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
    [2012/01/12 01:03:54 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
    [2012/01/12 01:03:37 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
    [2012/01/12 01:03:31 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
    [2012/01/12 01:03:26 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
    [2012/01/12 01:03:19 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
    [2012/01/12 01:03:07 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
    [2012/01/12 01:03:01 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
    [2012/01/12 01:01:53 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
    [2012/01/12 01:00:51 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
    [2012/01/12 00:57:18 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
    [2012/01/12 00:56:58 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
    [2012/01/12 00:56:01 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
    [2012/01/12 00:55:56 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
    [2012/01/12 00:55:52 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
    [2012/01/12 00:55:23 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
    [2012/01/12 00:55:01 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
    [2012/01/12 00:54:56 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
    [2012/01/12 00:54:49 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
    [2012/01/12 00:54:44 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
    [2012/01/12 00:54:40 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
    [2012/01/12 00:54:36 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
    [2012/01/12 00:54:06 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
    [2012/01/12 00:53:57 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
    [2012/01/12 00:53:53 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
    [2012/01/12 00:51:02 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
    [2012/01/12 00:50:47 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
    [2012/01/12 00:50:30 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
    [2012/01/12 00:50:25 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
    [2012/01/12 00:50:23 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
    [2012/01/12 00:50:13 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
    [2012/01/12 00:50:10 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
    [2012/01/12 00:50:08 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
    [2012/01/12 00:50:05 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
    [2012/01/12 00:50:01 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
    [2012/01/12 00:49:19 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
    [2012/01/12 00:49:16 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
    [2012/01/12 00:49:08 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
    [2012/01/12 00:48:22 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
    [2012/01/12 00:48:20 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
    [2012/01/12 00:48:18 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
    [2012/01/12 00:48:15 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
    [2012/01/12 00:48:13 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
    [2012/01/12 00:48:11 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
    [2012/01/12 00:48:09 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
    [2012/01/12 00:48:05 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
    [2012/01/12 00:47:50 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
    [2012/01/12 00:47:28 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
    [2012/01/12 00:47:14 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
    [2012/01/12 00:47:03 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
    [2012/01/12 00:47:02 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
    [2012/01/12 00:47:01 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
    [2012/01/12 00:46:59 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
    [2012/01/12 00:46:58 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
    [2012/01/12 00:46:53 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
    [2012/01/12 00:46:52 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
    [2012/01/12 00:46:50 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
    [2012/01/12 00:46:49 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
    [2012/01/12 00:46:46 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
    [2012/01/12 00:46:43 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
    [2012/01/12 00:45:51 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
    [2012/01/12 00:45:50 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
    [2012/01/12 00:45:48 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
    [2012/01/12 00:45:47 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
    [2012/01/12 00:45:46 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
    [2012/01/12 00:45:45 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
    [2012/01/12 00:45:43 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
    [2012/01/12 00:45:42 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
    [2012/01/12 00:45:40 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
    [2012/01/12 00:45:38 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
    [2012/01/12 00:45:37 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
    [2012/01/12 00:45:35 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
    [2012/01/12 00:45:34 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
    [2012/01/12 00:45:32 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
    [2012/01/12 00:45:31 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
    [2012/01/12 00:45:30 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
    [2012/01/12 00:45:29 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
    [2012/01/12 00:45:28 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
    [2012/01/12 00:45:20 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
    [2012/01/12 00:45:15 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
    [2012/01/12 00:45:14 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
    [2012/01/12 00:45:12 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
    [2012/01/12 00:45:11 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
    [2012/01/12 00:45:10 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
    [2012/01/12 00:45:09 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
    [2012/01/12 00:45:08 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
    [2012/01/12 00:43:31 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
    [2012/01/12 00:43:19 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
    [2012/01/12 00:42:46 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
    [2012/01/12 00:42:44 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
    [2012/01/12 00:42:43 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
    [2012/01/12 00:42:42 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
    [2012/01/12 00:42:41 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
    [2012/01/12 00:42:38 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
    [2012/01/12 00:42:30 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
    [2012/01/12 00:42:29 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
    [2012/01/12 00:42:24 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
    [2012/01/12 00:42:24 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
    [2012/01/12 00:42:23 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
    [2012/01/11 23:04:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2012/01/11 18:05:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2012/01/11 18:04:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2012/01/10 23:31:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Local Settings\Application Data\SanctionedMedia
    [2010/08/13 13:24:43 | 000,567,624 | ---- | C] (Google Inc.) -- C:\Program Files\GoogleEarthSetup.exe
    [2010/07/27 23:12:22 | 002,525,169 | ---- | C] (PDF-TIFF-Tools.com) -- C:\Program Files\JPG-to-PDF-Converter-Setup.exe
    [2008/12/23 15:57:12 | 001,851,544 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe
    [2008/06/27 17:48:49 | 015,523,560 | ---- | C] (Macrovision Corporation) -- C:\Program Files\U1 Setup.exe
    [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/05 08:21:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\OTL.exe
    [2012/02/05 08:10:23 | 000,000,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
    [2012/02/05 08:10:18 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/05 08:10:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/02/05 08:10:08 | 1064,554,496 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/04 22:51:37 | 001,153,912 | ---- | M] (Emsi Software GmbH) -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\BlitzBlank.exe
    [2012/02/04 22:00:01 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/04 09:52:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/02/04 09:35:40 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\MBR.dat
    [2012/02/03 19:26:50 | 000,096,768 | ---- | M] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/02 20:26:20 | 004,395,504 | R--- | M] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\ComboFix.exe
    [2012/02/01 21:56:28 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\SystemLook.exe
    [2012/01/31 19:16:57 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\Backup of Describe an interest you have that you would truly hope your partner could share with you.wbk
    [2012/01/31 18:45:12 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\Microsoft Office Word 2003.lnk
    [2012/01/30 19:55:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/01/30 19:18:14 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2012/01/30 18:57:45 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2012/01/30 18:47:01 | 009,200,064 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\AppRemover.exe
    [2012/01/20 19:24:37 | 002,054,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\tdsskiller.exe
    [2012/01/20 08:17:48 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\bootkit_remover.zip
    [2012/01/20 07:40:26 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\aswMBR.exe
    [2012/01/19 22:25:19 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\EVEREST Home Edition.lnk
    [2012/01/19 22:23:52 | 004,179,293 | ---- | M] (Lavalys, Inc. ) -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\everesthome220.exe
    [2012/01/19 22:00:19 | 000,009,880 | ---- | M] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\Kates nasty Scan results text.csv
    [2012/01/19 21:59:27 | 000,009,880 | ---- | M] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\Kates nasty Scan results.csv
    [2012/01/19 21:37:10 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\dds.pif
    [2012/01/19 20:54:53 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\onrjw4kj.exe
    [2012/01/19 07:15:13 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/01/18 21:57:13 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/18 21:54:44 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\mbam-setup-1.60.0.1800.exe
    [2012/01/14 10:05:36 | 000,248,173 | ---- | M] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\My Documents\76735.pdf
    [2012/01/12 20:56:41 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\AVG PC Tuneup.lnk
    [2012/01/12 20:55:03 | 008,351,256 | ---- | M] (AVG ) -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\avg_pct_stf_all_10_27.exe
    [2012/01/12 18:38:14 | 000,009,784 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
    [2012/01/11 23:04:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Local Settings\Application Data\prvlcl.dat
    [2012/01/10 23:34:17 | 000,018,038 | -HS- | M] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Local Settings\Application Data\jmg5b4x3xvhi
    [2012/01/10 23:34:17 | 000,018,038 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\jmg5b4x3xvhi
    [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/03 19:07:50 | 1064,554,496 | -HS- | C] () -- C:\hiberfil.sys
    [2012/02/01 21:56:34 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\SystemLook.exe
    [2012/01/31 19:16:56 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\Backup of Describe an interest you have that you would truly hope your partner could share with you.wbk
    [2012/01/30 19:18:14 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2012/01/30 19:18:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/01/30 19:15:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/01/30 19:15:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/01/30 19:15:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/01/30 19:15:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/01/30 19:15:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/01/30 18:43:31 | 004,395,504 | R--- | C] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\ComboFix.exe
    [2012/01/20 08:17:51 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\bootkit_remover.zip
    [2012/01/20 08:14:03 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\MBR.dat
    [2012/01/19 22:25:19 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\EVEREST Home Edition.lnk
    [2012/01/19 21:59:55 | 000,009,880 | ---- | C] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\Kates nasty Scan results text.csv
    [2012/01/19 20:54:50 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\onrjw4kj.exe
    [2012/01/18 21:57:13 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/18 21:00:59 | 000,009,880 | ---- | C] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\Kates nasty Scan results.csv
    [2012/01/14 10:05:42 | 000,248,173 | ---- | C] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\My Documents\76735.pdf
    [2012/01/12 20:56:41 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Desktop\AVG PC Tuneup.lnk
    [2012/01/12 18:33:51 | 000,009,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
    [2012/01/12 01:35:22 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
    [2012/01/12 01:35:16 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
    [2012/01/12 01:15:02 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
    [2012/01/12 01:14:54 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
    [2012/01/12 01:06:43 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
    [2012/01/12 00:57:13 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
    [2012/01/12 00:57:03 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
    [2012/01/12 00:56:53 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
    [2012/01/12 00:56:43 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
    [2012/01/12 00:56:33 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
    [2012/01/12 00:50:20 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
    [2012/01/12 00:50:18 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
    [2012/01/12 00:50:15 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
    [2012/01/12 00:44:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
    [2012/01/12 00:44:37 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
    [2012/01/12 00:44:34 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
    [2012/01/12 00:44:29 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
    [2012/01/12 00:44:27 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
    [2012/01/12 00:44:26 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
    [2012/01/12 00:44:25 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
    [2012/01/12 00:44:24 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
    [2012/01/12 00:44:22 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
    [2012/01/12 00:43:56 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
    [2012/01/10 23:31:46 | 000,018,038 | -HS- | C] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Local Settings\Application Data\jmg5b4x3xvhi
    [2012/01/10 23:31:46 | 000,018,038 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jmg5b4x3xvhi
    [2011/11/16 21:34:33 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\ptj.exe
    [2011/11/16 21:34:33 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll
    [2011/11/16 21:34:31 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
    [2011/11/16 21:34:31 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\office.exe
    [2011/06/07 23:36:06 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2010/10/29 16:48:58 | 000,018,752 | ---- | C] () -- C:\WINDOWS\System32\solidlocalui.dll
    [2010/10/29 16:48:56 | 000,027,456 | ---- | C] () -- C:\WINDOWS\System32\solidlocalmon.dll
    [2010/08/22 21:37:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Local Settings\Application Data\prvlcl.dat
    [2010/04/03 19:37:21 | 000,068,356 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/03/21 22:14:25 | 001,098,920 | ---- | C] () -- C:\Program Files\yahoomailuploader_0.5.exe
    [2010/03/16 18:39:15 | 000,000,138 | ---- | C] () -- C:\Program Files\SAMSUNG Dr.Printer.url
    [2010/03/16 18:38:43 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ml285pl3.dll
    [2010/03/10 14:52:17 | 000,607,584 | ---- | C] () -- C:\Program Files\RMITAU-SecureW2.exe
    [2009/07/24 18:02:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/05/29 23:15:30 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/05/29 23:15:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/04/22 20:38:55 | 000,008,401 | ---- | C] () -- C:\Program Files\send_filter-1.0-tb+sm.xpi
    [2009/04/22 18:21:25 | 000,039,971 | ---- | C] () -- C:\Program Files\quickfile-0.17.0.0008-zm+tb.xpi
    [2009/01/29 16:36:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/01/29 12:14:56 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
    [2009/01/12 12:39:13 | 000,057,033 | ---- | C] () -- C:\Program Files\3001-8022_4-10045910.htm
    [2008/12/31 18:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2008/12/31 18:04:42 | 000,528,744 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
    [2008/12/22 12:30:29 | 002,144,261 | ---- | C] () -- C:\Program Files\lightning-0.9-tb-win.xpi
    [2008/12/22 12:02:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/11/30 03:19:49 | 000,096,768 | ---- | C] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/11/18 22:06:21 | 000,007,364 | ---- | C] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\wklnhst.dat
    [2008/10/29 01:53:57 | 000,000,151 | ---- | C] () -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Local Settings\Application Data\fusioncache.dat
    [2008/07/23 09:28:41 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2008/07/23 09:28:06 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
    [2008/06/27 23:04:38 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2008/06/27 18:53:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/06/27 17:17:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2008/06/27 17:17:15 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2008/06/27 17:17:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2008/06/27 17:17:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2008/06/27 17:17:15 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2008/06/27 17:17:15 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2008/06/27 16:40:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\INSTALLEEE.EXE
    [2008/06/27 16:35:32 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
    [2008/06/27 16:30:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/06/27 16:26:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/06/27 16:13:14 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/06/27 16:13:13 | 000,445,044 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2008/06/27 16:13:13 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008/06/27 16:13:13 | 000,072,754 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2008/06/27 16:13:13 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008/06/27 16:13:13 | 000,004,562 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2008/06/27 16:13:12 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2008/06/27 16:13:12 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2008/06/27 16:13:10 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008/06/27 16:13:10 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008/06/27 16:13:08 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008/06/27 16:13:06 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2008/06/27 09:20:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/06/27 09:19:44 | 000,302,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/04/15 07:58:40 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
    [2008/03/21 00:58:30 | 000,000,173 | ---- | C] () -- C:\WINDOWS\explorer.exe.config
    [2008/03/18 09:54:36 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
    [2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/11/15 07:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

    ========== LOP Check ==========

    [2012/01/12 18:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2011/03/21 21:03:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2008/11/20 04:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ECAP
    [2008/07/23 09:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2012/01/30 19:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/10/29 16:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SolidDocuments
    [2012/01/12 20:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    [2010/03/10 16:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thomson.ResearchSoft.Installers
    [2010/12/27 20:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/20 12:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/26 18:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2012/01/12 21:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\AVG
    [2010/06/25 00:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\EndNote
    [2009/02/03 19:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\ICAClient
    [2009/02/03 19:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\IEPro
    [2008/11/08 22:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\InterVideo
    [2009/02/02 15:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\MiniDm
    [2009/02/03 19:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\Runaware
    [2011/07/02 11:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\SolidDocuments
    [2009/08/05 09:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\StarOffice8
    [2008/11/18 22:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\Template
    [2008/12/22 12:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\Thunderbird
    [2012/01/18 18:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\Ufhi
    [2012/01/18 20:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default User.YOUR-X8YTBSNBLG\Application Data\Yki

    ========== Purity Check ==========
     

