Solved No scan finds the problem, but Malwarebytes is blocking outgoing and incoming

I was getting the blue screen of death when attempting to reboot to post this log. I opened Windows in last known good configuration to get it in. The BSOD code was: 0x0000005, 0xBA4B95E, 0xBA50B86C, 0xBA50B568
kdcom.dll, Address BA4B915E base at BA4B8000, DateStamp 4e553a48

TDSSKiller log:
2011/09/24 10:39:01.0996 4756 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/09/24 10:39:21.0471 4756 ================================================================================
2011/09/24 10:39:21.0471 4756 SystemInfo:
2011/09/24 10:39:21.0471 4756
2011/09/24 10:39:21.0471 4756 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/24 10:39:21.0471 4756 Product type: Workstation
2011/09/24 10:39:21.0471 4756 ComputerName: GM7RBC1
2011/09/24 10:39:21.0471 4756 UserName: LZanone
2011/09/24 10:39:21.0471 4756 Windows directory: C:\WINDOWS
2011/09/24 10:39:21.0471 4756 System windows directory: C:\WINDOWS
2011/09/24 10:39:21.0471 4756 Processor architecture: Intel x86
2011/09/24 10:39:21.0471 4756 Number of processors: 2
2011/09/24 10:39:21.0471 4756 Page size: 0x1000
2011/09/24 10:39:21.0471 4756 Boot type: Normal boot
2011/09/24 10:39:21.0471 4756 ================================================================================
2011/09/24 10:39:23.0346 4756 Initialize success
2011/09/24 10:40:08.0095 4940 ================================================================================
2011/09/24 10:40:08.0095 4940 Scan started
2011/09/24 10:40:08.0095 4940 Mode: Manual;
2011/09/24 10:40:08.0095 4940 ================================================================================
2011/09/24 10:40:53.0702 4940 MBR (0x1B8) (cdac57608c39097805c8c958f1f73d97) \Device\Harddisk0\DR0
2011/09/24 10:40:53.0999 4940 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
2011/09/24 10:40:53.0999 4940 ================================================================================
2011/09/24 10:40:53.0999 4940 Scan finished
2011/09/24 10:40:53.0999 4940 ================================================================================
2011/09/24 10:40:54.0187 3456 Detected object count: 1
2011/09/24 10:40:54.0187 3456 Actual detected object count: 1
2011/09/24 10:41:04.0674 3456 MBR (0x1B8) (cdac57608c39097805c8c958f1f73d97) \Device\Harddisk0\DR0
2011/09/24 10:41:04.0674 3456 \Device\Harddisk0\DR0 - copied to quarantine
2011/09/24 10:41:04.0753 3456 Rootkit.Win32.BackBoot.gen(\Device\Harddisk0\DR0) - User select action: Quarantine
 
Since you used last known good configuration, re-run TDSSKiller and post a new log.
 
The last log I posted was in last known good configuration. At this point, I am having difficulty starting up Windows and getting anything to function. Hence why my responses are so slow.

I am currently in safe mode, with networking, as this is the only OS login that allows me to get to a browser and use my wireless adapter properly.
 
Here is the TDSS log from safe mode:
2011/09/26 12:34:32.0984 1924 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/09/26 12:34:35.0203 1924 ================================================================================
2011/09/26 12:34:35.0203 1924 SystemInfo:
2011/09/26 12:34:35.0203 1924
2011/09/26 12:34:35.0203 1924 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/26 12:34:35.0203 1924 Product type: Workstation
2011/09/26 12:34:35.0203 1924 ComputerName: GM7RBC1
2011/09/26 12:34:35.0203 1924 UserName: LZanone
2011/09/26 12:34:35.0203 1924 Windows directory: C:\WINDOWS
2011/09/26 12:34:35.0203 1924 System windows directory: C:\WINDOWS
2011/09/26 12:34:35.0203 1924 Processor architecture: Intel x86
2011/09/26 12:34:35.0203 1924 Number of processors: 2
2011/09/26 12:34:35.0203 1924 Page size: 0x1000
2011/09/26 12:34:35.0203 1924 Boot type: Safe boot with network
2011/09/26 12:34:35.0203 1924 ================================================================================
2011/09/26 12:34:38.0187 1924 Initialize success
2011/09/26 12:34:39.0562 1192 ================================================================================
2011/09/26 12:34:39.0562 1192 Scan started
2011/09/26 12:34:39.0562 1192 Mode: Manual;
2011/09/26 12:34:39.0562 1192 ================================================================================
2011/09/26 12:34:51.0750 1192 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/26 12:34:51.0781 1192 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/26 12:34:51.0843 1192 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/26 12:34:51.0921 1192 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/26 12:34:52.0000 1192 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/26 12:34:52.0078 1192 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/09/26 12:34:52.0125 1192 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/09/26 12:34:52.0171 1192 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/09/26 12:34:52.0296 1192 s24trans (daef68fc328342d219de928c8ee610b2) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/09/26 12:34:52.0390 1192 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/26 12:34:52.0468 1192 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/26 12:34:52.0531 1192 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/09/26 12:34:52.0593 1192 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/26 12:34:52.0718 1192 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/09/26 12:34:52.0812 1192 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/26 12:34:52.0875 1192 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/26 12:34:53.0015 1192 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/26 12:34:53.0187 1192 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
2011/09/26 12:34:53.0281 1192 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/09/26 12:34:53.0343 1192 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/26 12:34:53.0453 1192 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/26 12:34:53.0500 1192 swmsflt (57bbaef27dc790160245b43eb6dcd576) C:\WINDOWS\System32\drivers\swmsflt.sys
2011/09/26 12:34:53.0812 1192 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/26 12:34:53.0921 1192 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/26 12:34:54.0046 1192 tcpipBM (b1a9e04d803fde6b78314455211b726e) C:\WINDOWS\system32\drivers\tcpipBM.sys
2011/09/26 12:34:54.0109 1192 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/26 12:34:54.0140 1192 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/26 12:34:54.0187 1192 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/26 12:34:54.0281 1192 tmcomm (eb2283c0a4dfbd2e53d14f2c4d5a1e89) C:\WINDOWS\system32\drivers\tmcomm.sys
2011/09/26 12:34:54.0359 1192 TmFilter (3e615f370f0c7db414b6bcd1c18399d4) C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys
2011/09/26 12:34:54.0406 1192 TmPreFilter (c7c7959ec0940e0eddfc881fed8ec214) C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys
2011/09/26 12:34:54.0515 1192 TM_CFW (6ebec57eb4b4b29c8a90d3c32a588f3e) C:\Program Files\Trend Micro\Client Server Security Agent\tm_cfw.sys
2011/09/26 12:34:54.0718 1192 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/26 12:34:54.0859 1192 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/26 12:34:54.0968 1192 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/09/26 12:34:55.0031 1192 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/26 12:34:55.0125 1192 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/26 12:34:55.0171 1192 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/26 12:34:55.0234 1192 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/26 12:34:55.0296 1192 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/26 12:34:55.0343 1192 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/26 12:34:55.0390 1192 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/09/26 12:34:55.0437 1192 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/26 12:34:55.0546 1192 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/26 12:34:55.0703 1192 VSApiNt (60dfbc34228ca36221b03460789f5d4e) C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys
2011/09/26 12:34:55.0859 1192 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/26 12:34:55.0984 1192 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/26 12:34:56.0078 1192 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
2011/09/26 12:34:56.0296 1192 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/09/26 12:34:56.0437 1192 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/09/26 12:34:56.0500 1192 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/09/26 12:34:56.0578 1192 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/09/26 12:34:56.0640 1192 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/26 12:34:56.0718 1192 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/09/26 12:34:56.0843 1192 MBR (0x1B8) (cdac57608c39097805c8c958f1f73d97) \Device\Harddisk0\DR0
2011/09/26 12:34:56.0984 1192 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
2011/09/26 12:34:57.0000 1192 ================================================================================
2011/09/26 12:34:57.0000 1192 Scan finished
2011/09/26 12:34:57.0000 1192 ================================================================================
2011/09/26 12:34:57.0031 0488 Detected object count: 1
2011/09/26 12:34:57.0031 0488 Actual detected object count: 1
2011/09/26 12:35:06.0625 0488 MBR (0x1B8) (cdac57608c39097805c8c958f1f73d97) \Device\Harddisk0\DR0
2011/09/26 12:35:06.0640 0488 \Device\Harddisk0\DR0 - copied to quarantine
2011/09/26 12:35:06.0640 0488 Rootkit.Win32.BackBoot.gen(\Device\Harddisk0\DR0) - User select action: Quarantine
 
ComboFix log (in standard Windows; it was the only way I could get the re-download to work):
ComboFix 11-09-26.02 - LZanone 09/26/2011 17:08:46.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.463 [GMT -7:00]
Running from: c:\documents and settings\LZanone\Desktop\ComboFix.exe
AV: Trend Micro Client-Server Security Agent AntiVirus *Enabled/Updated* {E4C522EB-7705-48EB-8A10-B3A872A4A462}
FW: Trend Micro Client-Server Security Agent Firewall *Disabled* {E4C522EB-7705-48EB-8A10-B3A872A4A462}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-08-27 to 2011-09-27 )))))))))))))))))))))))))))))))
.
.
2011-09-26 23:23 . 2011-09-26 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Provisioning
2011-09-13 23:46 . 2011-09-13 23:46 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 20:31 . 2009-11-11 14:48 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-09-26 20:31 . 2009-11-12 18:08 58288 ----a-w- c:\windows\system32\rpcnet.dll
2011-09-26 20:31 . 2009-11-11 23:05 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2011-09-22 18:01 . 2011-05-27 15:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-01 00:00 . 2011-06-01 15:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-08 00:44 . 2011-05-29 16:45 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-09-19_19.55.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-26 17:32 . 2011-09-26 17:32 16384 c:\windows\Temp\Perflib_Perfdata_118.dat
+ 2008-04-14 12:00 . 2011-09-26 20:36 75914 c:\windows\system32\perfc009.dat
- 2008-04-14 12:00 . 2011-09-19 19:36 75914 c:\windows\system32\perfc009.dat
+ 2009-11-12 16:11 . 2011-09-20 21:42 35088 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-11-12 16:11 . 2011-07-13 10:02 35088 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-11-12 16:11 . 2011-07-13 10:02 18704 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-11-12 16:11 . 2011-09-20 21:42 18704 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-11-12 16:11 . 2011-07-13 10:02 20240 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-11-12 16:11 . 2011-09-20 21:42 20240 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-04-14 12:00 . 2011-09-19 19:36 457174 c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2011-09-26 20:36 457174 c:\windows\system32\perfh009.dat
+ 2011-09-22 18:01 . 2011-09-22 18:01 243360 c:\windows\system32\Macromed\Flash\FlashUtil10x_Plugin.exe
+ 2011-09-23 01:46 . 2011-09-23 01:46 332288 c:\windows\Installer\b331e8.msi
- 2009-11-12 16:11 . 2011-07-13 10:02 888080 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-11-12 16:11 . 2011-09-20 21:42 888080 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-11-12 16:11 . 2011-09-20 21:42 272648 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\pubs.exe
- 2009-11-12 16:11 . 2011-07-13 10:02 272648 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-11-12 16:11 . 2011-09-20 21:42 922384 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\pptico.exe
- 2009-11-12 16:11 . 2011-07-13 10:02 922384 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\pptico.exe
- 2009-11-12 16:11 . 2011-07-13 10:02 845584 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-11-12 16:11 . 2011-09-20 21:42 845584 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\outicon.exe
- 2009-11-12 16:11 . 2011-07-13 10:02 217864 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\misc.exe
+ 2009-11-12 16:11 . 2011-09-20 21:42 217864 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\misc.exe
- 2010-01-27 01:07 . 2011-08-15 15:26 6277280 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2010-01-27 01:07 . 2011-09-22 18:01 6277280 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2011-08-11 00:42 . 2011-08-11 00:42 7070208 c:\windows\Installer\2f89d.msp
+ 2011-09-07 04:48 . 2011-09-07 04:48 8181248 c:\windows\Installer\2f88b.msp
+ 2011-07-27 14:39 . 2011-07-27 14:39 9892352 c:\windows\Installer\2f860.msp
- 2009-11-12 16:11 . 2011-07-13 10:02 1172240 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-11-12 16:11 . 2011-09-20 21:42 1172240 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-02-02 21:48 . 2011-09-06 20:58 46249416 c:\windows\system32\MRT.exe
+ 2011-07-27 14:37 . 2011-07-27 14:37 11592192 c:\windows\Installer\2f879.msp
+ 2009-04-04 02:21 . 2009-04-04 02:21 16037736 c:\windows\Installer\$PatchCache$\Managed\00002109AC0000000000000000F01FEC\12.0.6425\OART.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN1]
@="{CC8811D1-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D1-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-10-28 02:18 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN2]
@="{CC8811D2-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D2-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-10-28 02:18 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN3]
@="{CC8811D3-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D3-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-10-28 02:18 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN4]
@="{CC8811D4-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D4-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-10-28 02:18 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN5]
@="{CC8811D5-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D5-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-10-28 02:18 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN6]
@="{CC8811D6-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D6-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-10-28 02:18 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN7]
@="{CC8811D7-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D7-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-10-28 02:18 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-24 399736]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-16 6276408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-14 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2007-03-29 394952]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartSVN 6 (background).lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SmartSVN 6 (background).lnk
backup=c:\windows\pss\SmartSVN 6 (background).lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AT&T Communication Manager]
2010-03-11 02:10 883272 ----a-w- c:\program files\AT&T\Communication Manager\ATTCM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2006-10-19 01:58 696320 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2006-10-19 02:04 802816 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-06-16 14:55 6276408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 18:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-03-24 21:09 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Nortel Networks\\i2050SoftwarePhone\\i2050srv.mod"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\LZanone\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
R2 FortiSslvpnDaemon;FortiClient SSL VPN;c:\windows\system32\FortiSSLVPNdaemon.exe [3/9/2009 5:07 PM 518688]
R2 i2050QoSSvc;Nortel Networks i2050 QoS Service;c:\windows\system32\i2050QosSvc.exe [3/19/2004 2:15 PM 81920]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/1/2011 8:50 AM 366152]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\tmxpflt.sys [12/1/2009 3:34 PM 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\tmpreflt.sys [12/1/2009 3:34 PM 36368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/1/2011 8:50 AM 22216]
R3 pppop;PPPoP WAN Adapter;c:\windows\system32\drivers\pppop.sys [2/3/2009 1:43 PM 36384]
S0 cerc6;cerc6; [x]
S2 statuscached;SmartSVN Status Cache;c:\program files\SmartSVN 6\bin\statuscached.exe [10/27/2009 7:18 PM 215040]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [3/10/2010 7:12 PM 121416]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [7/16/2009 9:51 AM 67840]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [7/16/2009 9:53 AM 107776]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [7/16/2009 9:49 AM 8064]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BMLoad
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-813497703-1177238915-1003Core.job
- c:\documents and settings\LZanone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-13 04:21]
.
2011-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-813497703-1177238915-1003UA.job
- c:\documents and settings\LZanone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-13 04:21]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: bmnet.dll
Trusted Zone: fatspaniel.net\insight
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\LZanone\Application Data\Mozilla\Firefox\Profiles\wlvrgxnw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.igoogle.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-26 17:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK8034GSX rev.AH301D -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x89D232E0
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(916)
c:\windows\system32\bmnet.dll
.
Completion time: 2011-09-26 17:29:56
ComboFix-quarantined-files.txt 2011-09-27 00:29
ComboFix2.txt 2011-09-20 22:22
ComboFix3.txt 2011-09-20 21:51
ComboFix4.txt 2011-09-19 19:58
ComboFix5.txt 2011-09-27 00:06
.
Pre-Run: 6,658,666,496 bytes free
Post-Run: 7,552,090,112 bytes free
.
- - End Of File - - 03D993A14750C02EEE08AA3BDE549860
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start the scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-26 18:29:37
-----------------------------
18:29:37.077 OS Version: Windows 5.1.2600 Service Pack 3
18:29:37.077 Number of processors: 2 586 0xE08
18:29:37.077 ComputerName: GM7RBC1 UserName: LZanone
18:29:39.124 Initialize success
18:46:12.328 AVAST engine defs: 11092601
19:01:39.777 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:01:39.777 Disk 0 Vendor: TOSHIBA_MK8034GSX AH301D Size: 76319MB BusType: 3
19:01:39.777 Device \Driver\atapi -> DriverStartIo 8a78b2e0
19:01:41.778 Disk 0 MBR read successfully
19:01:41.778 Disk 0 MBR scan
19:01:41.809 Disk 0 MBR:pihar [Rtk]
19:01:41.824 Disk 0 Windows XP default MBR code found via API
19:01:41.824 Disk 0 MBR hidden
19:01:41.824 Disk 0 MBR [possible unknown bootkit@MBR] **ROOTKIT**
19:01:41.824 Disk 0 trace - called modules:
19:01:41.824 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a78b4c0]<<
19:01:41.824 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac94548]
19:01:41.824 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000087[0x8ac72d28]
19:01:41.824 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> [0x8ab9d940]
19:01:41.824 \Driver\atapi[0x8abb2e40] -> IRP_MJ_CREATE -> 0x8a78b4c0
19:01:42.528 AVAST engine scan C:\WINDOWS
19:01:59.998 AVAST engine scan C:\WINDOWS\system32
19:06:20.448 AVAST engine scan C:\WINDOWS\system32\drivers
19:06:42.638 AVAST engine scan C:\Documents and Settings\LZanone
19:21:37.386 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\LZanone\Desktop\MBR.dat"
19:21:37.401 The log file has been saved successfully to "C:\Documents and Settings\LZanone\Desktop\aswMBR.txt"
 
These three lines in red:
19:01:41.824 Disk 0 MBR [possible unknown bootkit@MBR] **ROOTKIT**
19:01:41.824 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a78b4c0]<<
19:01:41.824 \Driver\atapi[0x8abb2e40] -> IRP_MJ_CREATE -> 0x8a78b4c0
 
Restart computer
When you reboot you will see an option to boot into the Recovery Console or the normal Windows installation.
You have to use the up/down arrows to choose the Recovery Console. Then press Enter but you only have 2 seconds by default.
If you find this hard to do then you can go into Control Panel, System, Advanced, Startup and Recovery, Settings. Where it says Time to Display List of Operating Systems, change it to 10 or more seconds. Click OK, then reboot.

You should get a black screen with a C:\> prompt. Type with an Enter after each line:

fixmbr

(If it asks you if you are sure then say "Y".)

exit

Reboot computer.

Post fresh aswMBR log.
 
new aswMBR log:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-26 18:29:37
-----------------------------
18:29:37.077 OS Version: Windows 5.1.2600 Service Pack 3
18:29:37.077 Number of processors: 2 586 0xE08
18:29:37.077 ComputerName: GM7RBC1 UserName: LZanone
18:29:39.124 Initialize success
18:46:12.328 AVAST engine defs: 11092601
19:01:39.777 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:01:39.777 Disk 0 Vendor: TOSHIBA_MK8034GSX AH301D Size: 76319MB BusType: 3
19:01:39.777 Device \Driver\atapi -> DriverStartIo 8a78b2e0
19:01:41.778 Disk 0 MBR read successfully
19:01:41.778 Disk 0 MBR scan
19:01:41.809 Disk 0 MBR:pihar [Rtk]
19:01:41.824 Disk 0 Windows XP default MBR code found via API
19:01:41.824 Disk 0 MBR hidden
19:01:41.824 Disk 0 MBR [possible unknown bootkit@MBR] **ROOTKIT**
19:01:41.824 Disk 0 trace - called modules:
19:01:41.824 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a78b4c0]<<
19:01:41.824 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac94548]
19:01:41.824 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000087[0x8ac72d28]
19:01:41.824 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> [0x8ab9d940]
19:01:41.824 \Driver\atapi[0x8abb2e40] -> IRP_MJ_CREATE -> 0x8a78b4c0
19:01:42.528 AVAST engine scan C:\WINDOWS
19:01:59.998 AVAST engine scan C:\WINDOWS\system32
19:06:20.448 AVAST engine scan C:\WINDOWS\system32\drivers
19:06:42.638 AVAST engine scan C:\Documents and Settings\LZanone
19:21:37.386 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\LZanone\Desktop\MBR.dat"
19:21:37.401 The log file has been saved successfully to "C:\Documents and Settings\LZanone\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-27 10:27:56
-----------------------------
10:27:56.078 OS Version: Windows 5.1.2600 Service Pack 3
10:27:56.078 Number of processors: 2 586 0xE08
10:27:56.078 ComputerName: GM7RBC1 UserName: LZanone
10:27:56.812 Initialize success
10:28:09.906 AVAST engine defs: 11092601
11:03:07.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:03:07.656 Disk 0 Vendor: TOSHIBA_MK8034GSX AH301D Size: 76319MB BusType: 3
11:03:09.687 Disk 0 MBR read successfully
11:03:09.687 Disk 0 MBR scan
11:03:09.843 Disk 0 Windows XP default MBR code
11:03:09.843 Disk 0 scanning sectors +156296385
11:03:09.984 Disk 0 scanning C:\WINDOWS\system32\drivers
11:03:43.125 Service scanning
11:03:46.218 Modules scanning
11:04:02.078 Disk 0 trace - called modules:
11:04:02.093 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
11:04:02.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac8cab8]
11:04:02.093 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000087[0x8abb5f18]
11:04:02.093 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8abe7940]
11:04:03.093 AVAST engine scan C:\WINDOWS
11:04:53.921 AVAST engine scan C:\WINDOWS\system32
11:08:30.375 AVAST engine scan C:\WINDOWS\system32\drivers
11:08:51.812 AVAST engine scan C:\Documents and Settings\LZanone
11:26:37.187 AVAST engine scan C:\Documents and Settings\All Users
11:28:48.171 Scan finished successfully
11:30:07.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\LZanone\Desktop\MBR.dat"
11:30:07.109 The log file has been saved successfully to "C:\Documents and Settings\LZanone\Desktop\aswMBR.txt"
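
An added example, not part of the original thread and not code from aswMBR: a small Python triage script that flags the indicators highlighted earlier in this thread (the `**ROOTKIT**` flag, the `>>UNKNOWN<<` module in the disk call trace, the `\Driver\atapi` redirects) and reports which of them are gone in the run after `fixmbr`. The rule and function names are hypothetical; the sample lines are excerpts from the two aswMBR logs posted above.

```python
import re

# Excerpts from the aswMBR run posted before fixmbr (copied from this thread).
LOG_BEFORE = r"""
19:01:39.777 Device \Driver\atapi -> DriverStartIo 8a78b2e0
19:01:41.778 Disk 0 MBR read successfully
19:01:41.809 Disk 0 MBR:pihar [Rtk]
19:01:41.824 Disk 0 Windows XP default MBR code found via API
19:01:41.824 Disk 0 MBR hidden
19:01:41.824 Disk 0 MBR [possible unknown bootkit@MBR] **ROOTKIT**
19:01:41.824 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a78b4c0]<<
19:01:41.824 \Driver\atapi[0x8abb2e40] -> IRP_MJ_CREATE -> 0x8a78b4c0
"""

# Excerpts from the run posted after fixmbr (copied from this thread).
LOG_AFTER = r"""
11:03:09.687 Disk 0 MBR read successfully
11:03:09.843 Disk 0 Windows XP default MBR code
11:04:02.093 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
11:04:02.093 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8abe7940]
"""

# Every aswMBR log line starts with an HH:MM:SS.mmm timestamp.
TIMESTAMPED = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")

# Hypothetical rule set built only from strings that appear in the logs above.
# A rule may capture a "value" (detection name or address) for later correlation.
RULES = [
    ("mbr_detection", re.compile(r"Disk \d+ MBR:(?P<value>\S+) \[Rtk\]")),
    ("mbr_hidden", re.compile(r"Disk \d+ MBR hidden")),
    ("rootkit_flag", re.compile(r"\*\*ROOTKIT\*\*")),
    ("unknown_module", re.compile(r">>UNKNOWN \[(?P<value>0x[0-9a-fA-F]+)\]<<")),
    # Assumption: this line is treated as an indicator because, in this
    # thread, it appears only in the run taken before the MBR was repaired.
    ("startio_hook", re.compile(
        r"Device \\Driver\\\S+ -> DriverStartIo (?P<value>[0-9a-fA-F]+)")),
    ("dispatch_redirect", re.compile(
        r"\\Driver\\\S+?\[0x[0-9a-fA-F]+\] -> IRP_MJ_\w+ -> (?P<value>0x[0-9a-fA-F]+)")),
]


def triage(log_text):
    """Return a list of (timestamp, rule_name, captured_value_or_None)."""
    findings = []
    for raw in log_text.splitlines():
        line = TIMESTAMPED.match(raw.strip())
        if not line:
            continue  # skip headers, separators and blank lines
        stamp, body = line.groups()
        for name, pattern in RULES:
            hit = pattern.search(body)
            if hit:
                findings.append((stamp, name, hit.groupdict().get("value")))
    return findings


def redirected_into_unknown(findings):
    """Addresses that are both an unnamed module in the disk call trace and
    the target of a driver dispatch redirect: the two lines describe the
    same piece of code sitting in the storage stack."""
    unknown = {int(v, 16) for _, n, v in findings if n == "unknown_module"}
    targets = {int(v, 16) for _, n, v in findings if n == "dispatch_redirect"}
    return sorted(hex(addr) for addr in unknown & targets)


def rule_names(findings):
    return {name for _, name, _ in findings}


def cleared(before, after):
    """Indicators present in the earlier run and absent from the later one."""
    return sorted(rule_names(before) - rule_names(after))


if __name__ == "__main__":
    before, after = triage(LOG_BEFORE), triage(LOG_AFTER)
    for stamp, name, value in before:
        print(f"before  {stamp}  {name:<18} {value or ''}")
    print("redirect target inside unknown module:", redirected_into_unknown(before))
    print("indicators remaining after repair:", sorted(rule_names(after)))
    print("indicators cleared by repair:", cleared(before, after))
```

An empty result for the second run only means these specific strings no longer appear in the aswMBR output; it says nothing about other persistence on the machine.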
 
It is running much better now. The wireless adapter is not locking up. Boot up time is reasonable (although I haven't tested it after this current version of ComboFix run). I may have to uninstall and reinstall Firefox, as it seems to hang, especially on launch. Also, Malwarebytes firewall has still seen some outbound IP requests.

ComboFix log:
ComboFix 11-09-27.02 - LZanone 09/27/2011 16:41:40.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1135 [GMT -7:00]
Running from: c:\documents and settings\LZanone\Desktop\ComboFix.exe
AV: Trend Micro Client-Server Security Agent AntiVirus *Enabled/Updated* {E4C522EB-7705-48EB-8A10-B3A872A4A462}
FW: Trend Micro Client-Server Security Agent Firewall *Disabled* {E4C522EB-7705-48EB-8A10-B3A872A4A462}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-08-27 to 2011-09-27 )))))))))))))))))))))))))))))))
.
.
2011-09-26 23:23 . 2011-09-26 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Provisioning
2011-09-13 23:46 . 2011-09-13 23:46 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-27 06:16 . 2009-11-11 14:48 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-09-27 06:16 . 2009-11-12 18:08 58288 ----a-w- c:\windows\system32\rpcnet.dll
2011-09-27 05:02 . 2009-11-11 23:05 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2011-09-22 18:01 . 2011-05-27 15:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-01 00:00 . 2011-06-01 15:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-15 13:29 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-14 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-09-08 00:44 . 2011-05-29 16:45 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-09-19_19.55.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-27 06:16 . 2011-09-27 06:16 16384 c:\windows\Temp\Perflib_Perfdata_94.dat
+ 2008-04-14 12:00 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
- 2008-04-14 12:00 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2008-04-14 12:00 . 2011-09-27 06:20 76060 c:\windows\system32\perfc009.dat
- 2008-04-14 12:00 . 2011-04-25 16:11 66560 c:\windows\system32\mshtmled.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 66560 c:\windows\system32\mshtmled.dll
- 2009-03-08 12:31 . 2011-04-25 16:11 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 12:31 . 2011-06-23 18:36 55296 c:\windows\system32\msfeedsbs.dll
- 2008-04-14 12:00 . 2011-04-25 16:11 43520 c:\windows\system32\licmgr10.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 43520 c:\windows\system32\licmgr10.dll
- 2008-04-14 12:00 . 2011-04-25 16:11 25600 c:\windows\system32\jsproxy.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 25600 c:\windows\system32\jsproxy.dll
- 2010-02-02 21:47 . 2011-04-25 16:11 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-02-02 21:47 . 2011-06-23 18:36 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2008-04-14 12:00 . 2011-07-08 14:02 10496 c:\windows\system32\dllcache\ndistapi.sys
+ 2008-04-14 12:00 . 2011-06-23 18:36 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2008-04-14 12:00 . 2011-04-25 16:11 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2010-02-02 21:47 . 2011-06-23 18:36 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2010-02-02 21:47 . 2011-04-25 16:11 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-04-14 12:00 . 2011-04-25 16:11 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2008-04-14 12:00 . 2011-04-25 16:11 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-11-12 16:11 . 2011-07-13 10:02 35088 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-11-12 16:11 . 2011-09-27 10:00 35088 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-11-12 16:11 . 2011-07-13 10:02 18704 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-11-12 16:11 . 2011-09-27 10:00 18704 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-11-12 16:11 . 2011-07-13 10:02 20240 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-11-12 16:11 . 2011-09-27 10:00 20240 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-09-27 05:51 . 2011-04-25 16:11 12800 c:\windows\ie8updates\KB2559049-IE8\xpshims.dll
+ 2011-09-27 05:51 . 2011-04-25 16:11 66560 c:\windows\ie8updates\KB2559049-IE8\mshtmled.dll
+ 2011-09-27 05:51 . 2011-04-25 16:11 55296 c:\windows\ie8updates\KB2559049-IE8\msfeedsbs.dll
+ 2011-09-27 05:51 . 2011-04-25 16:11 43520 c:\windows\ie8updates\KB2559049-IE8\licmgr10.dll
+ 2011-09-27 05:51 . 2011-04-25 16:11 25600 c:\windows\ie8updates\KB2559049-IE8\jsproxy.dll
+ 2011-09-27 06:10 . 2011-09-27 06:10 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\343c52b741531ce9ae874ea7508831a7\System.Windows.Presentation.ni.dll
+ 2011-09-27 06:10 . 2011-09-27 06:10 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\246110974e3c48733458819b07464b23\System.Web.DynamicData.Design.ni.dll
+ 2011-09-27 06:07 . 2011-09-27 06:07 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ace861fe8dbf146c3e449abaa7691e9f\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-09-27 06:00 . 2011-09-27 06:00 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\40ee65aacd9d7472cd6f8dddbfca604b\PresentationFontCache.ni.exe
+ 2011-09-27 05:59 . 2011-09-27 05:59 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\12c424eed7ee0e9c017bf72ff09eb78c\PresentationCFFRasterizer.ni.dll
+ 2011-09-27 06:09 . 2011-09-27 06:09 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f9c514544c8e23220493cd42a0e20678\Microsoft.Vsa.ni.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-09-27 05:56 . 2011-09-27 05:56 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-06-21 15:42 . 2011-06-21 15:42 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-06-21 15:42 . 2011-06-21 15:42 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-06-21 15:42 . 2011-06-21 15:42 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-06-21 15:41 . 2011-06-21 15:41 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2008-04-14 12:00 . 2011-04-26 11:07 293376 c:\windows\system32\winsrv.dll
+ 2008-04-14 12:00 . 2011-06-20 17:44 293376 c:\windows\system32\winsrv.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 916480 c:\windows\system32\wininet.dll
- 2008-04-14 12:00 . 2011-04-25 16:11 916480 c:\windows\system32\wininet.dll
- 2008-04-14 12:00 . 2009-03-08 12:34 105984 c:\windows\system32\url.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 105984 c:\windows\system32\url.dll
+ 2008-04-14 12:00 . 2011-09-27 06:20 457320 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2011-04-25 16:11 206848 c:\windows\system32\occache.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 206848 c:\windows\system32\occache.dll
- 2008-04-14 12:00 . 2011-04-25 16:11 611840 c:\windows\system32\mstime.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 611840 c:\windows\system32\mstime.dll
- 2009-03-08 12:32 . 2011-04-25 16:11 602112 c:\windows\system32\msfeeds.dll
+ 2009-03-08 12:32 . 2011-06-23 18:36 602112 c:\windows\system32\msfeeds.dll
+ 2011-09-22 18:01 . 2011-09-22 18:01 243360 c:\windows\system32\Macromed\Flash\FlashUtil10x_Plugin.exe
+ 2008-04-14 12:00 . 2011-06-23 18:36 184320 c:\windows\system32\iepeers.dll
- 2008-04-14 12:00 . 2011-04-25 16:11 184320 c:\windows\system32\iepeers.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 387584 c:\windows\system32\iedkcs32.dll
- 2008-04-14 12:00 . 2011-04-25 16:11 387584 c:\windows\system32\iedkcs32.dll
- 2008-04-14 12:00 . 2011-04-25 12:01 173568 c:\windows\system32\ie4uinit.exe
+ 2008-04-14 12:00 . 2011-06-23 12:05 173568 c:\windows\system32\ie4uinit.exe
- 2009-11-11 22:56 . 2008-04-14 12:00 139656 c:\windows\system32\drivers\rdpwd.sys
+ 2009-11-11 22:56 . 2011-06-24 14:10 139656 c:\windows\system32\drivers\rdpwd.sys
- 2008-04-14 12:00 . 2011-04-26 11:07 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2008-04-14 12:00 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll
- 2008-04-14 12:00 . 2011-04-25 16:11 916480 c:\windows\system32\dllcache\wininet.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 916480 c:\windows\system32\dllcache\wininet.dll
- 2008-04-14 12:00 . 2009-03-08 12:34 105984 c:\windows\system32\dllcache\url.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 105984 c:\windows\system32\dllcache\url.dll
- 2009-11-11 22:56 . 2008-04-14 12:00 139656 c:\windows\system32\dllcache\rdpwd.sys
+ 2009-11-11 22:56 . 2011-06-24 14:10 139656 c:\windows\system32\dllcache\rdpwd.sys
- 2008-04-14 12:00 . 2011-04-25 16:11 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 611840 c:\windows\system32\dllcache\mstime.dll
- 2008-04-14 12:00 . 2011-04-25 16:11 611840 c:\windows\system32\dllcache\mstime.dll
- 2010-02-02 21:47 . 2011-04-25 16:11 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-02-02 21:47 . 2011-06-23 18:36 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2010-12-01 17:31 . 2011-04-29 16:19 456320 c:\windows\system32\dllcache\mrxsmb.sys
+ 2010-12-01 17:31 . 2011-07-15 13:29 456320 c:\windows\system32\dllcache\mrxsmb.sys
- 2010-02-02 21:47 . 2011-04-25 16:11 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2010-02-02 21:47 . 2011-06-23 18:36 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 184320 c:\windows\system32\dllcache\iepeers.dll
- 2008-04-14 12:00 . 2011-04-25 16:11 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-12-01 17:29 . 2011-06-23 18:36 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-12-01 17:29 . 2011-04-25 16:11 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2008-04-14 12:00 . 2011-04-25 16:11 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-04-14 12:00 . 2011-06-23 12:05 173568 c:\windows\system32\dllcache\ie4uinit.exe
- 2008-04-14 12:00 . 2011-04-25 12:01 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-04-14 12:00 . 2011-09-09 09:12 599040 c:\windows\system32\dllcache\crypt32.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2011-09-23 01:46 . 2011-09-23 01:46 332288 c:\windows\Installer\b331e8.msi
- 2009-11-12 16:11 . 2011-07-13 10:02 888080 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-11-12 16:11 . 2011-09-27 10:00 888080 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-11-12 16:11 . 2011-09-27 10:00 272648 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\pubs.exe
- 2009-11-12 16:11 . 2011-07-13 10:02 272648 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-11-12 16:11 . 2011-09-27 10:00 922384 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\pptico.exe
- 2009-11-12 16:11 . 2011-07-13 10:02 922384 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-11-12 16:11 . 2011-09-27 10:00 845584 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\outicon.exe
- 2009-11-12 16:11 . 2011-07-13 10:02 845584 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\outicon.exe
- 2009-11-12 16:11 . 2011-07-13 10:02 217864 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\misc.exe
+ 2009-11-12 16:11 . 2011-09-27 10:00 217864 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\misc.exe
+ 2011-09-27 05:51 . 2011-04-25 16:11 916480 c:\windows\ie8updates\KB2559049-IE8\wininet.dll
+ 2011-09-27 05:51 . 2009-03-08 12:34 105984 c:\windows\ie8updates\KB2559049-IE8\url.dll
+ 2011-09-27 05:51 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2559049-IE8\spuninst\updspapi.dll
+ 2011-09-27 05:51 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2559049-IE8\spuninst\spuninst.exe
+ 2011-09-27 05:51 . 2011-04-25 16:11 206848 c:\windows\ie8updates\KB2559049-IE8\occache.dll
+ 2011-09-27 05:51 . 2011-04-25 16:11 611840 c:\windows\ie8updates\KB2559049-IE8\mstime.dll
+ 2011-09-27 05:51 . 2011-04-25 16:11 602112 c:\windows\ie8updates\KB2559049-IE8\msfeeds.dll
+ 2011-09-27 05:51 . 2011-04-25 16:11 247808 c:\windows\ie8updates\KB2559049-IE8\ieproxy.dll
+ 2011-09-27 05:51 . 2011-04-25 16:11 184320 c:\windows\ie8updates\KB2559049-IE8\iepeers.dll
+ 2011-09-27 05:51 . 2011-04-25 16:11 743424 c:\windows\ie8updates\KB2559049-IE8\iedvtool.dll
+ 2011-09-27 05:51 . 2011-04-25 16:11 387584 c:\windows\ie8updates\KB2559049-IE8\iedkcs32.dll
+ 2011-09-27 05:51 . 2011-04-25 12:01 173568 c:\windows\ie8updates\KB2559049-IE8\ie4uinit.exe
- 2010-12-01 17:31 . 2011-04-29 16:19 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-12-01 17:31 . 2011-07-15 13:29 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-09-27 06:06 . 2011-09-27 06:06 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\cc14c69205b984edba1db26fd5e421ac\WsatConfig.ni.exe
+ 2011-09-27 06:04 . 2011-09-27 06:04 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\39ce0c9c9cc294c0ee26c4ff01522961\WindowsFormsIntegration.ni.dll
+ 2011-09-27 06:03 . 2011-09-27 06:03 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\431e918aee8da919f5b9e3a5195ccf93\UIAutomationClient.ni.dll
+ 2011-09-27 06:11 . 2011-09-27 06:11 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\946eefb99bc116ee68e0e7c69a5a8a5c\System.Xml.Linq.ni.dll
+ 2011-09-27 06:10 . 2011-09-27 06:10 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\a82eef3128b9527dc05b3c8667e713bc\System.Web.Routing.ni.dll
+ 2011-09-27 06:10 . 2011-09-27 06:10 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\203c148c913357bfc2ae9d209101f2b3\System.Web.RegularExpressions.ni.dll
+ 2011-09-27 06:10 . 2011-09-27 06:10 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f89fe39468ea6faf71c4257c89cf3c54\System.Web.Extensions.Design.ni.dll
+ 2011-09-27 06:10 . 2011-09-27 06:10 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\2314ff800782dc85224e69e802a073f7\System.Web.Entity.ni.dll
+ 2011-09-27 06:10 . 2011-09-27 06:10 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f690a8f5d784a5bb20f2cbaa7277eb6c\System.Web.Entity.Design.ni.dll
+ 2011-09-27 06:10 . 2011-09-27 06:10 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\c5c96400424b85536443623f96f64581\System.Web.DynamicData.ni.dll
+ 2011-09-27 06:10 . 2011-09-27 06:10 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5f8e87b47465a038403e73012c6d102a\System.Web.Abstractions.ni.dll
+ 2011-09-27 06:09 . 2011-09-27 06:09 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\846dd505f97805f00999ee26aec9bf75\System.Transactions.ni.dll
+ 2011-09-27 06:09 . 2011-09-27 06:09 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
+ 2011-09-27 06:06 . 2011-09-27 06:06 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\de9cd25ccb24bcf8a0316756e766721f\System.Security.ni.dll
+ 2011-09-27 06:09 . 2011-09-27 06:09 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\21248037960cf6dfa2ce401d355bd6c9\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-09-27 06:09 . 2011-09-27 06:09 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\480ea914e13fe41cdd8fb542bb1f7e81\System.Net.ni.dll
+ 2011-09-27 06:09 . 2011-09-27 06:09 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e563a58e6fc0117070d5b8fd59e4e1b\System.Management.ni.dll
+ 2011-09-27 06:09 . 2011-09-27 06:09 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\dc72c7581f1b3794c0ea595ba02ff7ad\System.Management.Instrumentation.ni.dll
+ 2011-09-27 06:05 . 2011-09-27 06:05 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\fcf8612a210d1f76e0b37dc8467b4696\System.IO.Log.ni.dll
+ 2011-09-27 06:05 . 2011-09-27 06:05 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\ec017b5a95d02fccaefd835490ef1e14\System.IdentityModel.Selectors.ni.dll
+ 2011-09-27 06:09 . 2011-09-27 06:09 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.Wrapper.dll
+ 2011-09-27 06:09 . 2011-09-27 06:09 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.ni.dll
+ 2011-09-27 06:03 . 2011-09-27 06:03 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\f7cd3d07c15366b76fe4c38d24455d6b\System.Drawing.Design.ni.dll
+ 2011-09-27 06:09 . 2011-09-27 06:09 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\822c996e6ad4901219b7de399a6f78bf\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-09-27 06:09 . 2011-09-27 06:09 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1ffe911e62f482e42be2c4428bd08c10\System.DirectoryServices.Protocols.ni.dll
+ 2011-09-27 06:08 . 2011-09-27 06:08 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e1c009b2c9becdb732a2ea45f32a46b8\System.Data.Services.Design.ni.dll
+ 2011-09-27 06:08 . 2011-09-27 06:08 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1defd94e1662a4478ccf2cd0b1b4e6a6\System.Data.Services.Client.ni.dll
+ 2011-09-27 06:08 . 2011-09-27 06:08 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\04267c1dbdcdd8ec37e1518126767ead\System.Data.Entity.Design.ni.dll
+ 2011-09-27 06:07 . 2011-09-27 06:07 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\f2a6d41b3f6e26eea6dcac9298aa637b\System.Data.DataSetExtensions.ni.dll
+ 2011-09-27 06:06 . 2011-09-27 06:06 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
+ 2011-09-27 06:09 . 2011-09-27 06:09 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\585e68739b2a8aff61ee6b2786513245\System.Configuration.Install.ni.dll
+ 2011-09-27 06:07 . 2011-09-27 06:07 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\fbf6ef12d1456058acde29f2640092fb\System.AddIn.ni.dll
+ 2011-09-27 06:06 . 2011-09-27 06:06 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\896e42071939e038008b0bbbfed1213c\SMSvcHost.ni.exe
+ 2011-09-27 06:06 . 2011-09-27 06:06 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\ca07e9cf488af1290d2340d682574a24\SMDiagnostics.ni.dll
+ 2011-09-27 06:06 . 2011-09-27 06:06 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a5aa977dd575a6beb3a416bd480b98a7\ServiceModelReg.ni.exe
+ 2011-09-27 06:01 . 2011-09-27 06:01 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f52e48f55258d0a04fbab3a1f93752e9\PresentationFramework.Classic.ni.dll
+ 2011-09-27 06:01 . 2011-09-27 06:01 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\cf812b99f587ab514afb36fa9d4c1567\PresentationFramework.Aero.ni.dll
+ 2011-09-27 06:01 . 2011-09-27 06:01 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b7795999cc67f3a6cec40f5b24005e00\PresentationFramework.Luna.ni.dll
+ 2011-09-27 06:01 . 2011-09-27 06:01 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09f5af61ea2af04eb32c04b3091ffc86\PresentationFramework.Royale.ni.dll
+ 2011-09-27 06:06 . 2011-09-27 06:06 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\2d89c7b72bc8e527b26d5b6f3b931012\MSBuild.ni.exe
+ 2011-09-27 06:06 . 2011-09-27 06:06 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\39e9d172f0cf5eec30b1b67212cc032b\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-09-27 06:07 . 2011-09-27 06:07 968192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\eae2ab662e4b44aacd4cebd3f9b6c34f\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-09-27 06:07 . 2011-09-27 06:07 433664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\9bcb002ea577b825f7c7872ec21b78a3\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2011-09-27 06:07 . 2011-09-27 06:07 492032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\97869a9a27244319a1bcb5c2d446a1cc\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2011-09-27 06:07 . 2011-09-27 06:07 148480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\4d166154a2d5a4497acccfcd08355267\Microsoft.PowerShell.Security.ni.dll
+ 2011-09-27 06:07 . 2011-09-27 06:07 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\f1b0ec3ccde9142e67ac681fb521ac66\Microsoft.Build.Utilities.ni.dll
+ 2011-09-27 06:07 . 2011-09-27 06:07 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\9250f038410f0d6432e3ccb0b046862b\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-09-27 06:07 . 2011-09-27 06:07 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\a4672179aba638cd78bdfe268391b47b\Microsoft.Build.Engine.ni.dll
+ 2011-09-27 06:07 . 2011-09-27 06:07 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\37db660a84ee52b61a7ca55812581bbd\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-09-27 06:06 . 2011-09-27 06:06 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\fe9a21b94803f74697bb42b9d1fdea5b\ComSvcConfig.ni.exe
+ 2011-09-27 06:05 . 2011-09-27 06:05 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\f160c8e40b60edd47ae74b0b911fece1\AspNetMMCExt.ni.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-09-27 05:56 . 2011-09-27 05:56 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-09-27 05:56 . 2011-09-27 05:56 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-06-21 15:42 . 2011-06-21 15:42 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-06-21 15:42 . 2011-06-21 15:42 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-06-21 15:42 . 2011-06-21 15:42 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-06-21 15:42 . 2011-06-21 15:42 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-06-21 15:42 . 2011-06-21 15:42 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-06-21 15:42 . 2011-06-21 15:42 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-09-27 05:56 . 2011-09-27 05:56 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2011-06-21 15:42 . 2011-06-21 15:42 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 1212416 c:\windows\system32\urlmon.dll
+ 2008-04-14 12:00 . 2011-07-25 15:17 5969920 c:\windows\system32\mshtml.dll
- 2010-01-27 01:07 . 2011-08-15 15:26 6277280 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2010-01-27 01:07 . 2011-09-22 18:01 6277280 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2009-03-08 12:32 . 2011-04-25 16:11 1991680 c:\windows\system32\iertutil.dll
+ 2009-03-08 12:32 . 2011-06-23 18:36 1991680 c:\windows\system32\iertutil.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-14 12:00 . 2011-07-25 15:17 5969920 c:\windows\system32\dllcache\mshtml.dll
- 2010-02-02 21:47 . 2011-04-25 16:11 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2010-02-02 21:47 . 2011-06-23 18:36 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2011-04-29 04:50 . 2011-04-29 04:50 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2011-01-18 11:39 . 2011-01-18 11:39 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-08-11 00:43 . 2011-08-11 00:43 3795968 c:\windows\Installer\cddbd3.msp
+ 2011-05-02 07:06 . 2011-05-02 07:06 2705920 c:\windows\Installer\89e90.msp
+ 2011-08-11 00:43 . 2011-08-11 00:43 3795968 c:\windows\Installer\42bf3.msp
+ 2011-09-07 04:46 . 2011-09-07 04:46 9006080 c:\windows\Installer\42be1.msp
+ 2011-08-24 13:37 . 2011-08-24 13:37 4985856 c:\windows\Installer\42bcf.msp
+ 2011-08-11 00:42 . 2011-08-11 00:42 7070208 c:\windows\Installer\2f89d.msp
+ 2011-09-07 04:48 . 2011-09-07 04:48 8181248 c:\windows\Installer\2f88b.msp
+ 2011-07-27 14:39 . 2011-07-27 14:39 9892352 c:\windows\Installer\2f860.msp
- 2009-11-12 16:11 . 2011-07-13 10:02 1172240 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-11-12 16:11 . 2011-09-27 10:00 1172240 c:\windows\Installer\{90120000-00CA-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-04-04 02:21 . 2009-04-04 02:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002109AC0000000000000000F01FEC\12.0.6425\OARTCONV.DLL
+ 2011-09-27 05:51 . 2011-04-25 16:11 1211904 c:\windows\ie8updates\KB2559049-IE8\urlmon.dll
+ 2011-09-27 05:51 . 2011-05-30 22:19 5964800 c:\windows\ie8updates\KB2559049-IE8\mshtml.dll
+ 2011-09-27 05:51 . 2011-04-25 16:11 1991680 c:\windows\ie8updates\KB2559049-IE8\iertutil.dll
+ 2011-09-27 05:59 . 2011-09-27 05:59 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd6e0cd6f124a6d041ef1b4c9a5f080b\WindowsBase.ni.dll
+ 2011-09-27 06:04 . 2011-09-27 06:04 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\162600dde59fbaa0c048a949158ecba3\UIAutomationClientsideProviders.ni.dll
+ 2011-09-27 05:59 . 2011-09-27 05:59 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
+ 2011-09-27 06:03 . 2011-09-27 06:03 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
+ 2011-09-27 06:11 . 2011-09-27 06:11 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\22229a30650a9afbac984e1093898b13\System.WorkflowServices.ni.dll
+ 2011-09-27 06:11 . 2011-09-27 06:11 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\4d6b3cc1fc7a4788612241af7966715a\System.Workflow.Runtime.ni.dll
+ 2011-09-27 06:11 . 2011-09-27 06:11 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\e4c9853af945c9cfede19f3faf18af6e\System.Workflow.ComponentModel.ni.dll
+ 2011-09-27 06:10 . 2011-09-27 06:10 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\ab4b50c7c789e46a485903365765fde8\System.Workflow.Activities.ni.dll
+ 2011-09-27 06:10 . 2011-09-27 06:10 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a2392c995b1bb6b63079091259222357\System.Web.Services.ni.dll
+ 2011-09-27 06:10 . 2011-09-27 06:10 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\3da92a0b9b8ac97e11ca8bf4df671a78\System.Web.Mobile.ni.dll
+ 2011-09-27 06:10 . 2011-09-27 06:10 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\01f4d6aa3299a41b8578b7e96afdcfb1\System.Web.Extensions.ni.dll
+ 2011-09-27 06:03 . 2011-09-27 06:03 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\e1208f0d981c420fc59f806bfbaa713b\System.Speech.ni.dll
+ 2011-09-27 06:09 . 2011-09-27 06:09 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\27e1b8dfd5e1ccf2c5b9efc51f674c69\System.ServiceModel.Web.ni.dll
+ 2011-09-27 06:05 . 2011-09-27 06:05 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dece01bd9e9c32e47630fdfc78d3bd32\System.Runtime.Serialization.ni.dll
+ 2011-09-27 06:03 . 2011-09-27 06:03 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\90b444d02047ef27921153d46967ef0e\System.Printing.ni.dll
+ 2011-09-27 06:09 . 2011-09-27 06:09 4949504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\8a9589fd87302a1333af22962bb5f1f1\System.Management.Automation.ni.dll
+ 2011-09-27 06:05 . 2011-09-27 06:05 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a50e2fc92db32751857fb8d297f9d7bc\System.IdentityModel.ni.dll
+ 2011-09-27 06:03 . 2011-09-27 06:03 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
+ 2011-09-27 06:09 . 2011-09-27 06:09 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\259ecf480769f4e60514b7ae2abaa6f1\System.DirectoryServices.ni.dll
+ 2011-09-27 06:08 . 2011-09-27 06:08 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\71cf3eb40fc38e6ac8fba09e872d2878\System.Deployment.ni.dll
+ 2011-09-27 06:02 . 2011-09-27 06:02 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\db2d84e279807592a680ef4135e9fe9a\System.Data.ni.dll
+ 2011-09-27 06:06 . 2011-09-27 06:06 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\0b16305773369cf740c6a2b1f1d785b2\System.Data.SqlXml.ni.dll
+ 2011-09-27 06:08 . 2011-09-27 06:08 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\c1b9b8ce390548dcca661a5e6a908408\System.Data.Services.ni.dll
+ 2011-09-27 06:02 . 2011-09-27 06:02 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\571af34939797a7c1cd05b0b925a45bf\System.Data.Linq.ni.dll
+ 2011-09-27 06:08 . 2011-09-27 06:08 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\2b58cc071d6bf0c741e91f86c09de5d7\System.Data.Entity.ni.dll
+ 2011-09-27 06:02 . 2011-09-27 06:02 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e54e013315849f5e34d8f2a8e7fdb450\System.Core.ni.dll
+ 2011-09-27 06:01 . 2011-09-27 06:01 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\24ab0cacc77e8696ceff3157942a2de4\ReachFramework.ni.dll
+ 2011-09-27 06:01 . 2011-09-27 06:01 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\fac1ca86f4fea17de40d7fdaba38563e\PresentationUI.ni.dll
+ 2011-09-27 05:59 . 2011-09-27 05:59 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b187becbc388c4ce7f33ede4da76e7b1\PresentationBuildTasks.ni.dll
+ 2011-09-27 06:07 . 2011-09-27 06:07 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c6b19db2534042d435ede580f92bc75c\Microsoft.VisualBasic.ni.dll
+ 2011-09-27 06:06 . 2011-09-27 06:06 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\08594c4ba9ea0253a836fe1d8d341984\Microsoft.Transactions.Bridge.ni.dll
+ 2011-09-27 06:09 . 2011-09-27 06:09 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\345abd035c9378667b1cac54c1f21c97\Microsoft.JScript.ni.dll
+ 2011-09-27 06:07 . 2011-09-27 06:07 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\906cd5555b79e4e0486dc8ef2a748b13\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-09-27 06:07 . 2011-09-27 06:07 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\7baff7d694394aaba490082c88d48fd2\Microsoft.Build.Tasks.ni.dll
+ 2011-09-27 06:06 . 2011-09-27 06:06 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\235a22e1ae9742bb724d411629dd99d5\Microsoft.Build.Engine.ni.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-06-21 15:42 . 2011-06-21 15:42 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-09-27 05:56 . 2011-09-27 05:56 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-09-27 05:56 . 2011-09-27 05:56 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-09-27 05:56 . 2011-09-27 05:56 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-06-21 15:41 . 2011-06-21 15:41 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-06-21 15:42 . 2011-06-21 15:42 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-06-21 15:42 . 2011-06-21 15:42 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-09-27 05:57 . 2011-09-27 05:57 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-02-02 21:48 . 2011-09-06 20:58 46249416 c:\windows\system32\MRT.exe
- 2009-03-08 12:39 . 2011-04-26 17:11 11081728 c:\windows\system32\ieframe.dll
+ 2009-03-08 12:39 . 2011-06-23 18:36 11081728 c:\windows\system32\ieframe.dll
- 2010-02-02 21:47 . 2011-04-26 17:11 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2010-02-02 21:47 . 2011-06-23 18:36 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2011-07-27 14:37 . 2011-07-27 14:37 11592192 c:\windows\Installer\2f879.msp
+ 2009-04-04 02:21 . 2009-04-04 02:21 16037736 c:\windows\Installer\$PatchCache$\Managed\00002109AC0000000000000000F01FEC\12.0.6425\OART.DLL
+ 2011-09-27 05:51 . 2011-04-26 17:11 11081728 c:\windows\ie8updates\KB2559049-IE8\ieframe.dll
+ 2011-09-27 06:03 . 2011-09-27 06:03 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
+ 2011-09-27 06:09 . 2011-09-27 06:09 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\40893760431f8f0dcce3e18630e45b23\System.Web.ni.dll
+ 2011-09-27 06:06 . 2011-09-27 06:06 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e3a0205acab2215fbad7927d9d483aeb\System.ServiceModel.ni.dll
+ 2011-09-27 06:02 . 2011-09-27 06:03 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\63ad0cd9b5e038c8e2e41415657db8fc\System.Design.ni.dll
+ 2011-09-27 06:01 . 2011-09-27 06:01 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\704556e34128441ea9f1a81cc89f8a79\PresentationFramework.ni.dll
+ 2011-09-27 06:00 . 2011-09-27 06:00 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5f332c48d03eca57419c4f0e884092ee\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN1]
@="{CC8811D1-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D1-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-10-28 02:18 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN2]
@="{CC8811D2-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D2-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-10-28 02:18 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN3]
@="{CC8811D3-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D3-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-10-28 02:18 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN4]
@="{CC8811D4-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D4-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-10-28 02:18 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN5]
@="{CC8811D5-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D5-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-10-28 02:18 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN6]
@="{CC8811D6-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D6-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-10-28 02:18 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN7]
@="{CC8811D7-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D7-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-10-28 02:18 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-24 399736]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-16 6276408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-14 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2007-03-29 394952]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartSVN 6 (background).lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SmartSVN 6 (background).lnk
backup=c:\windows\pss\SmartSVN 6 (background).lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AT&T Communication Manager]
2010-03-11 02:10 883272 ----a-w- c:\program files\AT&T\Communication Manager\ATTCM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2006-10-19 01:58 696320 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2006-10-19 02:04 802816 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-06-16 14:55 6276408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 18:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-03-24 21:09 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Nortel Networks\\i2050SoftwarePhone\\i2050srv.mod"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\LZanone\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
R2 FortiSslvpnDaemon;FortiClient SSL VPN;c:\windows\system32\FortiSSLVPNdaemon.exe [3/9/2009 5:07 PM 518688]
R2 i2050QoSSvc;Nortel Networks i2050 QoS Service;c:\windows\system32\i2050QosSvc.exe [3/19/2004 2:15 PM 81920]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/1/2011 8:50 AM 366152]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\tmxpflt.sys [12/1/2009 3:34 PM 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\tmpreflt.sys [12/1/2009 3:34 PM 36368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/1/2011 8:50 AM 22216]
R3 pppop;PPPoP WAN Adapter;c:\windows\system32\drivers\pppop.sys [2/3/2009 1:43 PM 36384]
S0 cerc6;cerc6; [x]
S2 statuscached;SmartSVN Status Cache;c:\program files\SmartSVN 6\bin\statuscached.exe [10/27/2009 7:18 PM 215040]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [3/10/2010 7:12 PM 121416]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [7/16/2009 9:51 AM 67840]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [7/16/2009 9:53 AM 107776]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [7/16/2009 9:49 AM 8064]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
*Deregistered* - BMLoad
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-813497703-1177238915-1003Core.job
- c:\documents and settings\LZanone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-13 04:21]
.
2011-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-813497703-1177238915-1003UA.job
- c:\documents and settings\LZanone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-13 04:21]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: bmnet.dll
Trusted Zone: fatspaniel.net\insight
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\LZanone\Application Data\Mozilla\Firefox\Profiles\wlvrgxnw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.igoogle.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-27 16:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(916)
c:\windows\system32\bmnet.dll
.
Completion time: 2011-09-27 16:50:10
ComboFix-quarantined-files.txt 2011-09-27 23:50
ComboFix2.txt 2011-09-27 00:29
ComboFix3.txt 2011-09-20 22:22
ComboFix4.txt 2011-09-20 21:51
ComboFix5.txt 2011-09-27 23:40
.
Pre-Run: 6,723,051,520 bytes free
Post-Run: 7,094,272,000 bytes free
.
- - End Of File - - 001A098E78D870979456240FD61E09A2
 
Looks good :)

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL has been locked with a message at the bottom saying creating restore point. DO NOT INTERRUPT. ... for at least 45 minutes.
 
It ran, but did not create an extras txt file.

The OTL.txt file:
OTL logfile created on: 9/29/2011 5:13:52 PM - Run 6
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\LZanone\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.75% Memory free
3.84 Gb Paging File | 3.30 Gb Available in Paging File | 86.04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 6.59 Gb Free Space | 8.84% Space Free | Partition Type: NTFS

Computer Name: GM7RBC1 | User Name: LZanone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/13 14:50:57 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2011/06/03 16:55:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LZanone\Desktop\OTL.exe
PRC - [2009/10/27 19:18:04 | 000,215,040 | ---- | M] () -- C:\Program Files\SmartSVN 6\bin\statuscached.exe
PRC - [2009/03/09 17:07:18 | 000,518,688 | ---- | M] (Fortinet Inc.) -- C:\WINDOWS\system32\FortiSSLVPNdaemon.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/28 14:54:44 | 000,151,552 | ---- | M] (SprintNextel) -- C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe
PRC - [2007/03/29 08:10:06 | 000,394,952 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
PRC - [2007/03/29 08:09:38 | 000,603,856 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
PRC - [2007/03/29 08:09:36 | 000,685,776 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
PRC - [2007/03/29 08:03:16 | 000,282,704 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/10/18 19:01:34 | 000,290,816 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/06/29 13:13:32 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/06/29 13:12:34 | 000,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/24 18:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/03/19 14:15:10 | 000,081,920 | ---- | M] (Nortel Networks Corp.) -- C:\WINDOWS\system32\i2050QosSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/06/03 16:55:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LZanone\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/06/29 13:13:50 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2005/12/13 18:39:58 | 000,073,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hccutils.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/13 14:50:57 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2010/03/10 19:12:52 | 000,121,416 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2009/10/27 19:18:04 | 000,215,040 | ---- | M] () [Auto | Running] -- C:\Program Files\SmartSVN 6\bin\statuscached.exe -- (statuscached)
SRV - [2009/03/09 17:07:18 | 000,518,688 | ---- | M] (Fortinet Inc.) [Auto | Running] -- C:\WINDOWS\system32\FortiSSLVPNdaemon.exe -- (FortiSslvpnDaemon)
SRV - [2007/06/28 14:54:44 | 000,151,552 | ---- | M] (SprintNextel) [Auto | Running] -- C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe -- (Access Utility Service)
SRV - [2007/03/29 08:09:38 | 000,603,856 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe -- (ntrtscan)
SRV - [2007/03/29 08:09:36 | 000,685,776 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe -- (tmlisten)
SRV - [2007/03/29 08:03:16 | 000,282,704 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe -- (OfcPfwSvc)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/10/18 19:01:34 | 000,290,816 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2006/06/29 13:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2004/03/19 14:15:10 | 000,081,920 | ---- | M] (Nortel Networks Corp.) [Auto | Running] -- C:\WINDOWS\system32\i2050QosSvc.exe -- (i2050QoSSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/03/10 19:02:30 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2010/03/10 19:00:10 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2009/12/04 16:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmxpflt.sys -- (TmFilter)
DRV - [2009/12/04 16:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2009/12/04 16:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\VsapiNT.sys -- (VSApiNt)
DRV - [2009/07/16 09:53:18 | 000,107,776 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhs51.sys -- (GTUHSNDISIPXP)
DRV - [2009/07/16 09:51:50 | 000,067,840 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhsbus.sys -- (GTUHSBUS)
DRV - [2009/07/16 09:49:56 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhsser.sys -- (GTUHSSER)
DRV - [2009/02/03 13:43:38 | 000,036,384 | ---- | M] (Fortinet Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pppop.sys -- (pppop)
DRV - [2008/08/22 11:05:42 | 000,026,760 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2007/12/24 17:37:00 | 000,138,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/03/22 10:54:58 | 001,844,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TM_CFW.sys -- (TM_CFW)
DRV - [2006/10/19 10:29:22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/08/17 09:55:16 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/03/24 18:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CE 15 58 01 89 DA 71 49 A1 98 B1 0B CF 3B 6A 74 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CE 15 58 01 89 DA 71 49 A1 98 B1 0B CF 3B 6A 74 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CE 15 58 01 89 DA 71 49 A1 98 B1 0B CF 3B 6A 74 [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CE 15 58 01 89 DA 71 49 A1 98 B1 0B CF 3B 6A 74 [binary data]

IE - HKU\S-1-5-21-796845957-813497703-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-796845957-813497703-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 3B E9 8D B3 7C CC 01 [binary data]
IE - HKU\S-1-5-21-796845957-813497703-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CE 15 58 01 89 DA 71 49 A1 98 B1 0B CF 3B 6A 74 [binary data]
IE - HKU\S-1-5-21-796845957-813497703-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-796845957-813497703-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.igoogle.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: facebookfilter@chocolatesoftware.com:2.2.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/29 15:44:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/14 19:52:15 | 000,000,000 | ---D | M]

[2009/11/12 10:51:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LZanone\Application Data\Mozilla\Extensions
[2011/09/22 10:34:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LZanone\Application Data\Mozilla\Firefox\Profiles\wlvrgxnw.default\extensions
[2010/12/06 10:51:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\LZanone\Application Data\Mozilla\Firefox\Profiles\wlvrgxnw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/04 08:34:51 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\LZanone\Application Data\Mozilla\Firefox\Profiles\wlvrgxnw.default\searchplugins\askcom.xml
[2011/06/12 17:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/12 17:26:19 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2009/12/01 16:50:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2010/08/25 09:09:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\LZANONE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WLVRGXNW.DEFAULT\EXTENSIONS\FACEBOOKFILTER@CHOCOLATESOFTWARE.COM.XPI
[2010/03/29 14:08:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/29 15:44:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/29 09:45:56 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/27 16:48:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-796845957-813497703-1177238915-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-796845957-813497703-1177238915-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-796845957-813497703-1177238915-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-813497703-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-796845957-813497703-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-796845957-813497703-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O15 - HKU\S-1-5-21-796845957-813497703-1177238915-1003\..Trusted Domains: fatspaniel.net ([insight] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265147008968 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://fatspaniel.webex.com/client/T27LB/webex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/11 16:01:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-796845957-813497703-1177238915-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-796845957-813497703-1177238915-1003\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/09/27 16:40:23 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/09/26 18:20:47 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\LZanone\Desktop\aswMBR.exe
[2011/09/26 16:50:51 | 004,231,882 | R--- | C] (Swearware) -- C:\Documents and Settings\LZanone\Desktop\ComboFix.exe
[2011/09/26 16:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Provisioning
[2011/09/24 11:22:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/09/06 22:32:41 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\LZanone\Desktop\TDSSKiller.exe
[2011/09/06 19:16:50 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\LZanone\Desktop\dds.scr
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/29 16:50:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-813497703-1177238915-1003UA.job
[2011/09/29 15:43:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/29 15:41:47 | 000,457,320 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/29 15:41:47 | 000,076,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/29 15:37:46 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2011/09/29 15:37:43 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2011/09/29 15:37:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/28 10:50:02 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-813497703-1177238915-1003Core.job
[2011/09/27 16:48:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/27 16:11:36 | 004,231,882 | R--- | M] (Swearware) -- C:\Documents and Settings\LZanone\Desktop\ComboFix.exe
[2011/09/27 11:30:07 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\LZanone\Desktop\MBR.dat
[2011/09/26 22:53:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/26 22:02:14 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2011/09/26 18:20:49 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\LZanone\Desktop\aswMBR.exe
[2011/09/22 18:45:48 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\LZanone\Desktop\Google Chrome.lnk
[2011/09/22 18:45:48 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\LZanone\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/15 18:43:03 | 000,038,524 | ---- | M] () -- C:\Documents and Settings\LZanone\Application Data\Comma Separated Values (Windows).ADR
[2011/09/06 19:16:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\LZanone\Desktop\dds.scr
[2011/09/05 21:02:09 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\LZanone\Desktop\wtgir0ic.exe
[2011/09/05 08:24:11 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\LZanone\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/31 15:44:44 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/26 19:21:37 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\LZanone\Desktop\MBR.dat
[2011/09/05 21:02:05 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\LZanone\Desktop\wtgir0ic.exe
[2011/07/14 07:57:47 | 000,017,402 | -HS- | C] () -- C:\Documents and Settings\LZanone\Local Settings\Application Data\o0r8j32l2vfisvr2oo51y8dg2tk73a7d3r6dbrv6umfu
[2011/07/14 07:57:47 | 000,017,402 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\o0r8j32l2vfisvr2oo51y8dg2tk73a7d3r6dbrv6umfu
[2011/07/13 17:15:57 | 000,006,296 | ---- | C] () -- C:\Documents and Settings\LZanone\Application Data\FC36.933
[2011/06/03 15:31:55 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/03 15:31:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/03 15:31:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/03 15:31:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/03 15:31:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/02 15:01:23 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/02/23 11:01:29 | 000,026,760 | R--- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2011/02/07 13:08:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/10/04 11:13:57 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/07/19 14:57:11 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\LZanone\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/16 09:25:15 | 000,007,418 | ---- | C] () -- C:\Documents and Settings\LZanone\Application Data\Comma Separated Values (Windows).EML
[2010/06/16 13:42:02 | 000,038,524 | ---- | C] () -- C:\Documents and Settings\LZanone\Application Data\Comma Separated Values (Windows).ADR
[2010/06/16 13:41:03 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/02/23 20:52:29 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/02/10 15:53:52 | 000,013,049 | ---- | C] () -- C:\Documents and Settings\LZanone\Application Data\Comma Separated Values (Windows).CAL
[2009/12/04 16:14:58 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/12/01 18:23:18 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\LZanone\Local Settings\Application Data\PUTTY.RND
[2009/12/01 17:55:15 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\LZanone\Application Data\winscp.rnd
[2009/11/12 10:50:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/12 08:47:37 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2009/11/11 16:05:21 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2009/11/11 16:04:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/11/11 15:57:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/11/11 07:49:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/11/11 07:48:40 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/11 07:48:37 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.exe
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 05:00:00 | 000,457,320 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 05:00:00 | 000,076,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/04/15 09:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/15 09:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/21 13:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2004/03/19 14:13:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\etherui.dll

========== LOP Check ==========

[2010/11/02 11:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/02/23 10:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2011/02/23 10:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LG
[2011/09/26 16:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Provisioning
[2010/09/17 10:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/06/16 12:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\salesforce.com
[2009/12/01 15:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint
[2009/12/01 15:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\syntevo
[2010/03/29 11:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/06/24 08:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/01 17:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/02/23 11:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Bytemobile
[2010/08/20 13:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Subversion
[2010/06/16 12:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LZanone\Application Data\.salesforce.com
[2011/02/23 11:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LZanone\Application Data\AT&T
[2011/02/24 15:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LZanone\Application Data\Aventail
[2010/09/17 11:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LZanone\Application Data\Blackberry Desktop
[2009/12/01 16:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LZanone\Application Data\Echo Software
[2011/02/07 14:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LZanone\Application Data\ElevatedDiagnostics
[2010/10/04 11:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LZanone\Application Data\FreeAudioPack
[2010/09/17 10:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LZanone\Application Data\Research In Motion
[2010/06/16 12:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LZanone\Application Data\salesforce.com
[2011/02/23 11:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LZanone\Application Data\Sierra Wireless
[2010/09/28 16:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LZanone\Application Data\Singlesnet
[2009/12/01 16:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LZanone\Application Data\Subversion
[2009/12/01 15:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LZanone\Application Data\syntevo
[2011/09/29 15:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LZanone\Application Data\uTorrent
[2011/06/08 16:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LZanone\Application Data\webex
[2009/12/08 10:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LZanone\Application Data\Windows Desktop Search
[2010/01/21 16:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LZanone\Application Data\Windows Search
[2011/02/24 09:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/11/11 16:01:19 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/02/24 09:57:49 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/06/03 15:35:48 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/09/27 16:50:11 | 000,062,178 | ---- | M] () -- C:\ComboFix.txt
[2009/11/11 16:01:19 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009/11/11 16:01:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/11/11 16:01:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 05:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/09/29 15:37:35 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/02/11 23:12:52 | 000,001,109 | ---- | M] () -- C:\SpokeUninstall_5932_2010-02-12-06-24-22.txt
[2011/09/29 15:52:05 | 000,095,268 | ---- | M] () -- C:\ssapi.log
[2011/07/13 22:10:22 | 000,043,500 | ---- | M] () -- C:\TDSSKiller.2.5.11.0_13.07.2011_22.09.54_log.txt
[2011/06/03 09:12:23 | 000,043,496 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_03.06.2011_09.05.20_log.txt
[2011/06/03 09:58:22 | 000,043,496 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_03.06.2011_09.43.32_log.txt
[2011/06/03 10:04:46 | 000,042,768 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_03.06.2011_10.04.17_log.txt
[2011/09/06 22:32:55 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_06.09.2011_22.32.51_log.txt
[2011/09/06 22:33:55 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_06.09.2011_22.33.53_log.txt
[2011/09/06 23:18:55 | 000,044,374 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_06.09.2011_22.34.26_log.txt
[2011/09/07 17:48:17 | 000,044,538 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_07.09.2011_17.43.30_log.txt
[2011/09/07 18:27:15 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_07.09.2011_18.27.11_log.txt
[2011/09/07 18:27:47 | 000,044,434 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_07.09.2011_18.27.18_log.txt
[2011/09/07 18:33:53 | 000,044,538 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_07.09.2011_18.30.37_log.txt
[2011/09/07 18:34:01 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_07.09.2011_18.33.59_log.txt
[2011/09/08 21:26:47 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_08.09.2011_21.26.43_log.txt
[2011/09/08 21:27:37 | 000,044,538 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_08.09.2011_21.26.50_log.txt
[2011/09/08 21:27:57 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_08.09.2011_21.27.55_log.txt
[2011/09/12 18:18:42 | 000,086,566 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_12.09.2011_17.58.06_log.txt
[2011/07/13 20:57:55 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_13.07.2011_20.57.44_log.txt
[2011/07/13 20:59:23 | 000,043,024 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_13.07.2011_20.58.20_log.txt
[2011/07/13 22:09:23 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_13.07.2011_22.09.05_log.txt
[2011/07/14 08:49:46 | 000,042,780 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_14.07.2011_08.49.18_log.txt
[2011/07/14 09:03:13 | 000,042,780 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_14.07.2011_09.02.48_log.txt
[2011/09/22 23:48:05 | 000,043,442 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_22.09.2011_23.47.34_log.txt
[2011/09/24 10:31:02 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_24.09.2011_10.30.56_log.txt
[2011/09/24 10:41:57 | 000,043,546 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_24.09.2011_10.39.01_log.txt
[2011/08/25 10:24:52 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_25.08.2011_10.24.48_log.txt
[2011/08/25 10:25:09 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_25.08.2011_10.25.03_log.txt
[2011/08/25 10:26:20 | 000,084,098 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_25.08.2011_10.25.11_log.txt
[2011/09/25 09:04:44 | 000,043,442 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_25.09.2011_09.04.19_log.txt
[2011/09/26 12:32:22 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_26.09.2011_12.32.18_log.txt
[2011/09/26 13:07:38 | 000,043,568 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_26.09.2011_12.34.32_log.txt
[2009/12/01 15:34:43 | 000,000,021 | ---- | M] () -- C:\tmuninst.ini
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/11/11 16:00:51 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2011/05/12 17:32:42 | 000,082,184 | ---- | M] (Microsoft Corporation.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lmdippr8.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/11/11 07:47:45 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/11/11 07:47:45 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/11/11 07:47:45 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/11/11 16:01:27 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/11/11 16:06:30 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\LZanone\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009/11/11 16:06:30 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\LZanone\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/09/26 18:20:49 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\LZanone\Desktop\aswMBR.exe
[2011/06/01 08:51:02 | 052,676,424 | ---- | M] () -- C:\Documents and Settings\LZanone\Desktop\avira_antivir_personal_en(1).exe
[2011/09/27 16:11:36 | 004,231,882 | R--- | M] (Swearware) -- C:\Documents and Settings\LZanone\Desktop\ComboFix.exe
[2011/06/03 16:55:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LZanone\Desktop\OTL.exe
[2011/08/25 14:16:00 | 104,036,336 | ---- | M] () -- C:\Documents and Settings\LZanone\Desktop\setup_11.0.0.1245.x01_2011_08_25_19_32.exe
[2011/05/25 07:10:16 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\LZanone\Desktop\TDSSKiller.exe
[2011/09/05 21:02:09 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\LZanone\Desktop\wtgir0ic.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >
[2010/11/15 23:35:58 | 000,000,786 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/11/11 16:06:30 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\LZanone\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/09/29 15:43:03 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\LZanone\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >
[2006/10/19 10:27:58 | 000,581,632 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 05:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2008/04/14 05:00:00 | 000,004,821 | R--- | M] () -- C:\Program Files\Messenger\logowin.gif
[2007/04/03 00:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/14 00:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 06:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2008/04/14 05:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2008/04/14 05:00:00 | 000,018,052 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2008/04/14 05:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2007/04/03 00:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2007/04/03 00:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Files - Unicode (All) ==========
[2011/05/18 11:16:17 | 000,000,888 | RH-- | M] ()(C:\WINDOWS\System32\drivers\etc\???????hosts) -- C:\WINDOWS\System32\drivers\etc\鰘ꡜ叄聑ﭠ誁hosts
[2011/05/18 11:16:17 | 000,000,888 | RH-- | M] ()(C:\WINDOWS\System32\drivers\etc\???????hosts) -- C:\WINDOWS\System32\drivers\etc\찘ꙮ叄聑ﭠ誁hosts

< End of report >
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

=====================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    [2010/10/04 08:34:51 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\LZanone\Application Data\Mozilla\Firefox\Profiles\wlvrgxnw.default\searchplugins\askcom.xml
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O15 - HKU\S-1-5-21-796845957-813497703-1177238915-1003\..Trusted Domains: fatspaniel.net ([insight] https in Trusted sites)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2011/07/14 07:57:47 | 000,017,402 | -HS- | C] () -- C:\Documents and Settings\LZanone\Local Settings\Application Data\o0r8j32l2vfisvr2oo51y8dg2tk73a7d3r6dbrv6umfu
    [2011/07/14 07:57:47 | 000,017,402 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\o0r8j32l2vfisvr2oo51y8dg2tk73a7d3r6dbrv6umfu
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
OTL Log:
All processes killed
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
C:\Documents and Settings\LZanone\Application Data\Mozilla\Firefox\Profiles\wlvrgxnw.default\searchplugins\askcom.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_USERS\S-1-5-21-796845957-813497703-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fatspaniel.net\insight\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\REN88.tmp deleted successfully.
C:\WINDOWS\System32\SET784.tmp deleted successfully.
C:\WINDOWS\System32\SET788.tmp deleted successfully.
C:\WINDOWS\System32\SET789.tmp deleted successfully.
C:\WINDOWS\System32\SET790.tmp deleted successfully.
C:\WINDOWS\System32\SET799.tmp deleted successfully.
C:\WINDOWS\System32\SET79A.tmp deleted successfully.
C:\WINDOWS\System32\SET79B.tmp deleted successfully.
C:\WINDOWS\System32\SET79E.tmp deleted successfully.
C:\WINDOWS\DUMP71d4.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\Documents and Settings\LZanone\Local Settings\Application Data\o0r8j32l2vfisvr2oo51y8dg2tk73a7d3r6dbrv6umfu moved successfully.
C:\Documents and Settings\All Users\Application Data\o0r8j32l2vfisvr2oo51y8dg2tk73a7d3r6dbrv6umfu moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2801798 bytes
->Java cache emptied: 6102 bytes
->Flash cache emptied: 9829 bytes

User: LZanone
->Temp folder emptied: 16011850 bytes
->Temporary Internet Files folder emptied: 424257998 bytes
->Java cache emptied: 24146833 bytes
->FireFox cache emptied: 47118357 bytes
->Google Chrome cache emptied: 65827296 bytes
->Flash cache emptied: 406251 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 54088 bytes
->Flash cache emptied: 88210 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 362738 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 554.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: LZanone
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 09302011_164522

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
checkup txt log:
leighzanone Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Trend Micro Client/Server Security Agent
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 27
Java(TM) SE Runtime Environment 6
Out of date Java installed!
Adobe Flash Player 10.3.183.10
Adobe Reader X (10.1.0)
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Trend Micro OfficeScan Client pccntmon.exe
Trend Micro Client Server Security Agent ntrtscan.exe
Trend Micro Client Server Security Agent tmlisten.exe
Trend Micro Client Server Security Agent OfcPfwSvc.exe
``````````End of Log````````````
 
ESET scan:
C:\Qoobox\Quarantine\C\Documents and Settings\LZanone\Application Data\Mozilla\Firefox\Profiles\wlvrgxnw.default\extensions\{50482d1b-b6ea-42c0-acc0-3cfe71be1baa}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\LZanone\Application Data\Mozilla\Firefox\Profiles\wlvrgxnw.default\extensions\{50482d1b-b6ea-42c0-acc0-3cfe71be1baa}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Qoobox\Quarantine\C\Documents and Settings\LZanone\Application Data\Mozilla\Firefox\Profiles\wlvrgxnw.default\extensions\{72568e42-bacf-4e33-b6aa-c7eca4d93d77}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\LZanone\Application Data\Mozilla\Firefox\Profiles\wlvrgxnw.default\extensions\{72568e42-bacf-4e33-b6aa-c7eca4d93d77}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Qoobox\Quarantine\C\Documents and Settings\LZanone\Application Data\Mozilla\Firefox\Profiles\wlvrgxnw.default\extensions\{a6e97c20-1fc0-4aea-beff-b69923026165}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\LZanone\Application Data\Mozilla\Firefox\Profiles\wlvrgxnw.default\extensions\{a6e97c20-1fc0-4aea-beff-b69923026165}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Qoobox\Quarantine\C\Documents and Settings\LZanone\Application Data\Mozilla\Firefox\Profiles\wlvrgxnw.default\extensions\{ba3e48ed-a7f1-4760-aa14-4d9835d11c2a}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\LZanone\Application Data\Mozilla\Firefox\Profiles\wlvrgxnw.default\extensions\{ba3e48ed-a7f1-4760-aa14-4d9835d11c2a}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\System Volume Information\_restore{1A2D6FE1-AAB1-49D1-9945-457D90A42059}\RP439\A0095379.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{1A2D6FE1-AAB1-49D1-9945-457D90A42059}\RP439\A0095423.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{1A2D6FE1-AAB1-49D1-9945-457D90A42059}\RP440\A0095768.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{1A2D6FE1-AAB1-49D1-9945-457D90A42059}\RP483\A0124708.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{1A2D6FE1-AAB1-49D1-9945-457D90A42059}\RP483\A0124709.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{1A2D6FE1-AAB1-49D1-9945-457D90A42059}\RP483\A0124710.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{1A2D6FE1-AAB1-49D1-9945-457D90A42059}\RP483\A0124711.manifest Win32/TrojanDownloader.Tracur.F trojan
 