Hi Bobbye ...
new motherboard feels great - yes, u r correct Asus not Isus ... I'll confirm the model type from that website you advised later on ... tks.
Have created a new system restore point and deleted older ones ... when re-starting comp now i keep getting a "Windows File Protection" warning about some windows files have been chg'd etc... insert windows xp SP2 disc and ... but i have been ignoring it ...
Yeah, we were pretty clean before the YouTube short out ... only think you'd found some Hotspot Shield rogue files ... I still don't mind to gid rid of the program completely - i thought it was used for protection on-line when checking my on-line banking etc... but, i'm not sure if it does that - hotspot seems to indicate a wi-fi hotspot shield which I don't need for my PC.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5573
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
23-Jan-11 3:58:17 AM
mbam-log-2011-01-23 (03-58-17).txt
Scan type: Quick scan
Objects scanned: 150301
Time elapsed: 3 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
GMER 1.0.15.15530 -
http://www.gmer.net
Rootkit quick scan 2011-01-23 04:04:39
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10 WDC_WD3200AAJS-22B4A0 rev.01.03A01
Running: plb4ffs0.exe; Driver: C:\DOCUME~1\Buzzzzz\LOCALS~1\Temp\kgpyikog.sys
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
---- EOF - GMER 1.0.15 ----
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 21-Jan-11 5:22:42 PM
System Uptime: 23-Jan-11 3:46:18 AM (1 hours ago)
Motherboard: ASRock | | G31M-S.
Processor: Intel Pentium III Xeon processor | CPUSocket | 2493/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 250 GiB total, 160.253 GiB free.
D: is FIXED (NTFS) - 48 GiB total, 32.442 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP3: 23-Jan-11 3:36:45 AM - Jan23rd2011new motherboard
==== Installed Programs ======================
µTorrent
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Adobe Shockwave Player 11
Agere Systems PCI-SV92PP Soft Modem
Altysoft Free Video Converter 2.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian FLV Player
Avira AntiVir Personal - Free Antivirus
Bonjour
C-motech Connection Manager(CCU650)
Canon MP Navigator EX 3.0
Canon MP250 series MP Drivers
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner (remove only)
ClearType Tuning Control Panel Applet
CopyTrans Suite Remove Only
Everything 1.2.1.371
ffdshow [rev 735] [2007-01-02]
Foxit PDF Editor
Foxit Reader
GoodSync
Google Chrome
Google Earth
Google SketchUp 8
Google SketchUp Pro 7
Google Update Helper
GoogleDesktop
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotspot Shield 1.56
Image Resizer Powertoy for Windows XP
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 23
K-Lite Mega Codec Pack 4.1.6
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MIKSOFT Mobile Media Converter
MobileMe Control Panel
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
Picasa 3
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Skype™ 4.0
Smart Defrag
Software Update for Web Folders
SopCast 3.2.9
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Switch Sound File Converter
Thai2English
The KMPlayer (remove only)
unikode for Thai
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC 9.0 Runtime
Veetle TV 0.9.18
WebFldrs XP
Windows Media Player Firefox Plugin
WinX DVD Author 5.5.8
ZoneAlarm
ZoneAlarm Toolbar
==== Event Viewer Messages From Past Week ========
23-Jan-11 3:45:07 AM, error: Service Control Manager [7034] - The NMSAccessU service terminated unexpectedly. It has done this 1 time(s).
23-Jan-11 3:45:07 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
23-Jan-11 3:45:07 AM, error: Service Control Manager [7031] - The Hotspot Shield Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
23-Jan-11 3:45:07 AM, error: Service Control Manager [7031] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
23-Jan-11 3:45:07 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
23-Jan-11 3:22:16 AM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: General access denied error
22-Jan-11 6:43:23 AM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0025228F65F7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
22-Jan-11 5:27:48 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
21-Jan-11 5:23:41 PM, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
21-Jan-11 5:19:27 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
16-Jan-11 12:11:20 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
16-Jan-11 12:11:14 AM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0021853BFF19 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
==== End Of File ===========================
DDS (Ver_10-12-12.02) - NTFSx86
Run by Buzzzzz at 4:09:06.98 on 23-Jan-11
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3318.2739 [GMT 7:00]
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *Enabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Buzzzzz\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local;*.local
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\documents and settings\buzzzzz\application data\mozilla\firefox\profiles\jjg4pz97.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.78.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [Google Update] "c:\documents and settings\buzzzzz\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\buzzzzz\applic~1\mozilla\firefox\profiles\jjg4pz97.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.bramjnet.com/vb/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\buzzzzz\application data\mozilla\firefox\profiles\jjg4pz97.default\extensions\cfxhelper@triton\components\dwmxpcom.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\documents and settings\buzzzzz\application data\mozilla\firefox\profiles\jjg4pz97.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\buzzzzz\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter:
jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\checkpoint\zaforcefield\TrustChecker
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - %profile%\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
FF - Ext: AvantGarde Skylight: {d62e0de0-401b-11dd-ae16-0800200c9a66} - %profile%\extensions\{d62e0de0-401b-11dd-ae16-0800200c9a66}
FF - Ext: Office Black: Office2007Black@JBBS - %profile%\extensions\Office2007Black@JBBS
FF - Ext: Chromifox Basic:
chromifox@altmusictv.com - %profile%\extensions\chromifox@altmusictv.com
FF - Ext: AvantGarde Nightlife: {3fb63340-652a-11dd-ad8b-0800200c9a66} - %profile%\extensions\{3fb63340-652a-11dd-ad8b-0800200c9a66}
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Ext: Personas:
personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Chromifox Companion: cfxHelper@Triton - %profile%\extensions\cfxHelper@Triton
FF - Ext: Chromifox Extreme: cfxe@Triton - %profile%\extensions\cfxe@Triton
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Virtus Search Opt-in:
extension@virtusdesigns.com - %profile%\extensions\extension@virtusdesigns.com
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-16 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-12-5 532224]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-16 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-11-16 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-16 61960]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-5-26 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-5-26 493032]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:\windows\system32\drivers\cmo_bus.sys [2009-2-9 58352]
R3 cmo_mdfl;Data Modem @ CDMA Filter;c:\windows\system32\drivers\cmo_mdfl.sys [2009-2-9 8304]
R3 cmo_mdm;Data Modem @ CDMA Drivers;c:\windows\system32\drivers\cmo_mdm.sys [2009-2-9 93904]
R3 cmo_serd;Data Modem @ CDMA Second DS Port (WDM);c:\windows\system32\drivers\cmo_serd.sys [2009-2-9 73696]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-21 133104]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
=============== Created Last 30 ================
2011-01-21 10:51:35 68096 ----a-w- c:\windows\agrsmdel.exe
2011-01-21 10:51:35 1149888 ----a-w- c:\windows\system32\drivers\AGRSM.sys
2011-01-21 10:45:54 73728 ----a-r- c:\windows\system32\RtNicProp32.dll
2011-01-21 10:45:54 120064 ----a-r- c:\windows\system32\drivers\Rtenicxp.sys
2011-01-21 10:45:06 34816 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-01-21 10:45:06 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2011-01-21 10:45:04 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2011-01-21 10:43:54 920088 ----a-r- c:\windows\system32\igxpun.exe
2011-01-21 10:43:54 319456 ----a-r- c:\windows\system32\difxapi.dll
2011-01-21 10:42:23 53248 ----a-r- c:\windows\system32\CSVer.dll
2011-01-21 10:42:07 -------- d-----w- C:\Intel
2011-01-21 10:21:59 23040 -c--a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2011-01-21 10:20:58 42496 -c--a-w- c:\windows\system32\dllcache\davcdata.exe
2011-01-21 10:17:24 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-01-21 10:17:24 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2011-01-21 10:16:46 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
2011-01-21 10:16:46 32768 ----a-w- c:\program files\internet explorer\connection wizard\icwdl.dll
2011-01-21 10:16:45 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe
2011-01-21 10:16:45 86016 ----a-w- c:\program files\internet explorer\connection wizard\icwconn2.exe
2011-01-21 10:16:45 214528 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe
2011-01-21 10:16:45 214528 ----a-w- c:\program files\internet explorer\connection wizard\icwconn1.exe
2011-01-21 10:16:45 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe
2011-01-21 10:16:45 20480 ----a-w- c:\program files\internet explorer\connection wizard\inetwiz.exe
2011-01-21 10:02:59 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-01-21 10:02:59 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-01-21 10:02:59 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-01-21 10:02:59 13312 ----a-w- c:\windows\system32\irclass.dll
2011-01-15 11:50:59 -------- d-sha-r- C:\cmdcons
2011-01-15 08:12:33 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-01-15 08:12:33 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-15 08:12:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2011-01-15 08:12:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\avg9
2011-01-15 08:12:06 -------- d-----w- c:\program files\Firefox
2011-01-15 08:12:06 -------- d-----w- c:\docume~1\buzzzzz\locals~1\applic~1\AVG Security Toolbar
2011-01-15 08:12:06 -------- d-----w- C:\$AVG
2011-01-13 19:56:24 -------- d---a-w- C:\cmdcons(2)
2011-01-08 10:48:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-08 10:48:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-08 10:48:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-25 20:26:38 -------- d-----w- c:\windows\system32\NtmsData
==================== Find3M ====================
2010-11-12 11:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 09:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
============= FINISH: 4:10:01.89 ===============
cheers and thanks again,
Buzz
PS: my 5 month old Min-Pin 1kg puppy is powering - even with another cast on her leg - 2 weeks for a check-up ...