
ra12r

Everything posted by ra12r

  1. LDTate, here is the new combofix. Sadly, I have several things that I am unable to access to delete. Here are a couple of names: 1) chmrnuyv[1] 2) Downadup 3) a tracking cookie named sqlite

     ComboFix 11-12-04.04 - Sonia Evans 12/04/2011 22:09:46.14.1 - x86
     Running from: c:\internet downloads\ComboFix.exe
     * Created a new restore point
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\documents and settings\All Users\Application Data\TEMP
     c:\windows\EventSystem.log
     .
     .
     ((((((((((((((((((((((((( Files Created from 2011-11-05 to 2011-12-05 )))))))))))))))))))))))))))))))
     .
     .
     2011-12-03 13:14 . 2011-12-03 13:14 -------- d-----w- c:\program files\ESET
     2011-12-02 12:30 . 2011-12-02 12:39 -------- d-----w- c:\documents and settings\Sonia Evans\Application Data\AVG
     2011-12-02 11:52 . 2011-12-02 11:52 -------- d-----w- C:\$AVG
     2011-12-02 11:34 . 2011-12-02 11:34 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
     2011-12-02 11:29 . 2011-12-03 22:22 -------- d-----w- c:\windows\system32\drivers\AVG
     2011-12-02 11:29 . 2011-12-02 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
     2011-12-02 11:28 . 2011-12-02 12:29 -------- d-----w- c:\program files\AVG
     2011-12-02 11:23 . 2011-12-03 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
     2011-11-30 05:30 . 2011-11-30 05:30 -------- d-----w- c:\windows\Internet Logs
     2011-11-30 04:25 . 2008-04-14 05:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
     2011-11-30 04:25 . 2008-04-14 05:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
     2011-11-28 04:07 . 2011-11-28 04:07 -------- d-----w- C:\TDSSKiller_Quarantine
     2011-11-22 08:49 . 2011-11-29 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
     2011-11-21 04:12 . 2011-11-21 04:12 -------- d-sh--w- c:\documents and settings\Sonia Evans\IECompatCache
     2011-11-19 15:52 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
     2011-11-19 06:05 . 2011-11-19 06:05 -------- d-----w- c:\documents and settings\Sonia Evans\Local Settings\Application Data\Apple
     2011-11-19 06:05 . 2011-11-19 06:05 -------- d-----w- c:\windows\system32\DRVSTORE
     2011-11-19 06:05 . 2011-11-19 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
     2011-11-19 06:04 . 2011-11-19 06:04 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
     2011-11-19 06:04 . 2011-11-19 06:04 -------- d-----w- c:\documents and settings\Sonia Evans\Local Settings\Application Data\PackageAware
     2011-11-19 06:04 . 2011-11-19 06:04 -------- d--h--w- c:\windows\system32\GroupPolicy
     2011-11-19 06:04 . 2011-11-19 06:04 -------- d-----w- c:\windows\system32\en
     2011-11-14 03:50 . 2011-11-19 05:53 -------- d-----w- c:\program files\DriverGuide DriverScan
     2011-11-13 18:42 . 2011-11-13 18:43 -------- d-----w- c:\documents and settings\Sonia Evans\Application Data\Apple Computer
     2011-11-13 18:42 . 2011-11-13 18:42 -------- d-----w- c:\documents and settings\Sonia Evans\Local Settings\Application Data\Apple Computer
     2011-11-13 18:41 . 2011-11-19 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
     2011-11-13 18:41 . 2011-11-13 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2011-11-18 11:55 . 2011-08-16 10:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2011-10-20 11:59 . 2011-10-20 03:28 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
     2011-10-07 11:23 . 2011-10-07 11:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
     2011-09-13 11:30 . 2011-09-13 11:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
     .
     .
     ((((((((((((((((((((((((((((( SnapShot_2011-11-21_05.06.57 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
     + 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
     + 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
     + 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
     + 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
     + 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
     + 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
     + 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
     + 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
     + 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
     + 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
     + 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
     + 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
     + 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
     + 2011-08-08 11:08 . 2011-08-08 11:08 40016 c:\windows\system32\drivers\avgmfx86.sys
     + 2011-07-11 06:14 . 2011-07-11 06:14 23120 c:\windows\system32\drivers\AVGIDSEH.sys
     - 2006-06-09 23:44 . 2011-11-19 09:18 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
     + 2006-06-09 23:44 . 2011-11-28 04:32 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
     - 2006-06-09 23:44 . 2011-11-19 09:18 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
     + 2006-06-09 23:44 . 2011-11-28 04:32 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
     + 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
     + 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
     + 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
     + 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
     + 2011-07-11 06:14 . 2011-07-11 06:14 295248 c:\windows\system32\drivers\avgtdix.sys
     + 2002-08-29 12:00 . 2008-04-14 09:41 640000 c:\windows\system32\dllcache\dbghelp.dll
     + 2011-11-22 08:49 . 2011-11-22 08:49 219648 c:\windows\Installer\ef8305.msi
     + 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
     + 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
     + 2011-12-02 11:29 . 2011-12-02 11:29 4671488 c:\windows\Installer\1a48895.msi
     + 2011-12-02 11:28 . 2011-12-02 11:28 2186240 c:\windows\Installer\1a48891.msi
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-10-11 5389944]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
     BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
     backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
     c:\windows\system32\dumprep 0 -u [X]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
     2001-07-09 15:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     2007-02-10 01:56 98304 ----a-w- c:\program files\QuickTime\qttask.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
     2009-03-05 20:07 2260480 -c----w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
     2003-05-07 20:32 36864 -c--a-r- c:\windows\system32\VTTimer.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "Messenger"=2 (0x2)
     "McciCMService"=2 (0x2)
     "gusvc"=3 (0x3)
     "wuauserv"=2 (0x2)
     "wscsvc"=2 (0x2)
     "TrkWks"=2 (0x2)
     "Themes"=2 (0x2)
     "TapiSrv"=3 (0x3)
     "SysmonLog"=3 (0x3)
     "Schedule"=2 (0x2)
     "SCardSvr"=3 (0x3)
     "FastUserSwitchingCompatibility"=3 (0x3)
     "Eventlog"=2 (0x2)
     "ERSvc"=2 (0x2)
     "idsvc"=3 (0x3)
     "AMDFusionSVC"=2 (0x2)
     .
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
     "ctfmon.exe"=c:\windows\system32\ctfmon.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
     "VTTimer"=VTTimer.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
     "DisableMonitoring"=dword:00000001
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
     "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
     "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "6027:TCP"= 6027:TCP:rcntsjph
     .
     R2 srsbibr;Manager Time;c:\windows\system32\svchost.exe [2008-04-14 14336]
     R2 xdhvim;Driver Server;c:\windows\system32\svchost.exe [2008-04-14 14336]
     R2 zfybfwie;Network Server;c:\windows\system32\svchost.exe [2008-04-14 14336]
     R4 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [x]
     S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
     S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
     S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
     S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
     S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
     .
     .
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
     srsbibr
     cfimslpn
     xdhvim
     zfybfwie
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2011-10-16 c:\windows\Tasks\WGASetup.job
     - c:\windows\system32\KB905474\wgasetup.exe [2011-10-15 02:18]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.yahoo.com/
     mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
     uSearchAssistant = hxxp://www.google.com/ie
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     Trusted Zone: rexplorer.net
     TCP: DhcpNameServer = 192.168.1.254
     DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
     DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
     FF - ProfilePath - c:\documents and settings\Sonia Evans\Application Data\Mozilla\Firefox\Profiles\axuvh315.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
     FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG2012\Firefox4
     FF - user.js: yahoo.homepage.dontask - true
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2011-12-04 22:17
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cfimslpn]
     "ServiceDll"="c:\windows\system32\vrcrs.dll"
     .
     Completion time: 2011-12-04 22:20:24
     ComboFix-quarantined-files.txt 2011-12-05 03:20
     ComboFix2.txt 2011-12-01 03:04
     ComboFix3.txt 2011-11-30 04:38
     ComboFix4.txt 2011-11-30 02:53
     ComboFix5.txt 2011-12-05 03:08
     .
     Pre-Run: 103,061,000,192 bytes free
     Post-Run: 103,042,113,536 bytes free
     .
     - - End Of File - - 5002CBD74EDDDE16C9E7C8E8C90BB990
  2. ESETSmartInstaller@High as downloader log: all ok

     # version=7
     # OnlineScannerApp.exe=1.0.0.1
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=3aea3fcff2e40c4883357ca36cc71eca
     # end=finished
     # remove_checked=true
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2011-12-03 03:52:09
     # local_time=2011-12-03 10:52:09 (-0500, Eastern Standard Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=crash
     # scanned=134266
     # found=13
     # cleaned=13
     # scan_time=9179
     C:\Internet Downloads\registrybooster.exe   Win32/RegistryBooster application (deleted - quarantined)   00000000000000000000000000000000   C
     C:\Internet Downloads\Slot Car software\SDFix.exe   Win32/PrcView application (deleted - quarantined)   00000000000000000000000000000000   C
     C:\Internet Downloads\Toshiba Vista drivers\testmh.exe   a variant of Win32/Adware.ErrorRepairPro.A application (deleted - quarantined)   00000000000000000000000000000000   C
     C:\System Volume Information\_restore{E9D7D8E3-0FDA-43D6-93AE-270353452AE6}\RP1\A0000033.exe   Win32/RegistryBooster application (deleted - quarantined)   00000000000000000000000000000000   C
     C:\System Volume Information\_restore{E9D7D8E3-0FDA-43D6-93AE-270353452AE6}\RP1\A0000034.exe   Win32/PrcView application (deleted - quarantined)   00000000000000000000000000000000   C
     C:\System Volume Information\_restore{E9D7D8E3-0FDA-43D6-93AE-270353452AE6}\RP1\A0000035.exe   a variant of Win32/Adware.ErrorRepairPro.A application (deleted - quarantined)   00000000000000000000000000000000   C
     C:\TDSSKiller_Quarantine\27.11.2011_23.05.18\tdlfs0000\tsk0002.dta   a variant of Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
     C:\TDSSKiller_Quarantine\27.11.2011_23.05.18\tdlfs0000\tsk0005.dta   Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
     C:\TDSSKiller_Quarantine\27.11.2011_23.05.18\tdlfs0000\tsk0006.dta   a variant of Win32/Rootkit.Kryptik.EB trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
     E:\Internet Downloads\Slot Car software\SDFix.exe   Win32/PrcView application (deleted - quarantined)   00000000000000000000000000000000   C
     E:\Internet Downloads\Toshiba Vista drivers\testmh.exe   a variant of Win32/Adware.ErrorRepairPro.A application (deleted - quarantined)   00000000000000000000000000000000   C
     E:\Lovell Goens\Start Menu\Programs\Startup\PowerReg Scheduler.exe   Win32/PowerReg application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
     E:\SDFix\apps\Process.exe   Win32/PrcView application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
  3. LDTate, nothing was checked in Spybot, so I am running online ESET now... will post later; it is moving slowly and I have to go to work.
  4. LDTate, just found this trying to get to a default baseline to see stuff out of place... Boot Item2.doc
  5. DANG IT!!! Now I am unable to get into safe mode. I can get to the screen to choose safe mode, but then the keyboard is dead so I cannot arrow up to choose safe mode. But I am able to complete a reboot into regular mode and got back here without being blocked. There is something running in my system named VRCRS.dll. It has been found a couple of times as a worm or suspicious. I used FileASSASSIN to delete it the other day, but I saw it again when I ran PC Tuneup by AVG and could not unlock the file to delete it, and then it popped up a screen "worm found", and it is still in the system under processes in that same svchost.exe. But it does not have a name associated with it, and I can't understand how to find the application/service/process name.....sigh
  6. LDTate, NO!!! I promise you that I am NOT!!! There is something hiding in my processes, but that is what I have been saying the whole time. I don't know how to see what is loading, but if you could watch my screen you would be able to see WHEN it loads because it affects the screen. I simply just run the scans and then highlight and copy and paste. I also run the stuff in safe mode and it does not really do anything different. I will run dds in safemode and post that scan.
  7. Oh, I have run AVG on the computer instead of AVAST and it found several things that were missed or whatever. So I have not uninstalled it yet (but I will later) as it seems to be a bit more detailed in finding stuff.... so it seems.
  8. LDTate, here is my new DDS scan.

     .
     DDS (Ver_2011-08-26.01) - NTFSx86
     Internet Explorer: 8.0.6001.18702
     Run by Sonia Evans at 0:37:32 on 2011-12-03
     .
     ============== Running Processes ===============
     .
     .
     ============== Pseudo HJT Report ===============
     .
     uStart Page = hxxp://www.yahoo.com/
     mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
     uSearchAssistant = hxxp://www.google.com/ie
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
     BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
     IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
     Trusted Zone: rexplorer.net
     DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
     DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
     DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
     DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
     DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
     DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1318504715250
     DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1318649841562
     TCP: DhcpNameServer = 192.168.1.254
     TCP: Interfaces\{29B64B33-71B6-48DC-9796-9058471823B5} : DhcpNameServer = 192.168.1.254
     TCP: Interfaces\{9CEA6E8D-6780-4CBD-B697-934D4F39934C} : DhcpNameServer = 192.168.1.254
     Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - c:\documents and settings\sonia evans\application data\mozilla\firefox\profiles\axuvh315.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
     FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
     FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
     FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
     FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
     FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
     FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npybrowserplus_2.4.17.dll
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
     FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg2012\Firefox4
     .
     ---- FIREFOX POLICIES ----
     FF - user.js: yahoo.homepage.dontask - true
     .
     ============= SERVICES / DRIVERS ===============
     .
     .
     =============== Created Last 30 ================
     .
     2011-12-02 12:30:30 -------- d-----w- c:\documents and settings\sonia evans\application data\AVG
     2011-12-02 11:52:49 -------- d--h--w- C:\$AVG
     2011-12-02 11:34:37 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
     2011-12-02 11:34:36 -------- d-----w- c:\documents and settings\sonia evans\application data\AVG2012
     2011-12-02 11:29:11 -------- d-----w- c:\windows\system32\drivers\AVG
     2011-12-02 11:29:11 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
     2011-12-02 11:28:47 -------- d-----w- c:\program files\AVG
     2011-12-02 11:23:56 -------- d-----w- c:\documents and settings\all users\application data\MFAData
     2011-11-30 05:30:25 -------- d-----w- c:\windows\Internet Logs
     2011-11-30 04:25:00 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
     2011-11-30 04:25:00 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
     2011-11-28 04:07:38 -------- d-----w- C:\TDSSKiller_Quarantine
     2011-11-22 08:49:12 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
     2011-11-21 04:12:11 -------- d-sh--w- c:\documents and settings\sonia evans\IECompatCache
     2011-11-19 15:52:35 222080 ------w- c:\windows\system32\MpSigStub.exe
     2011-11-19 06:05:19 -------- d-----w- c:\documents and settings\sonia evans\local settings\application data\Apple
     2011-11-19 06:04:55 -------- d-----w- c:\documents and settings\sonia evans\local settings\application data\PackageAware
     2011-11-19 06:04:43 -------- d--h--w- c:\windows\system32\GroupPolicy
     2011-11-19 06:04:05 -------- d-----w- c:\windows\system32\en
     2011-11-14 03:50:22 -------- d-----w- c:\program files\DriverGuide DriverScan
     2011-11-13 18:42:41 -------- d-----w- c:\documents and settings\sonia evans\local settings\application data\Apple Computer
     2011-11-13 18:41:32 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
     .
     ==================== Find3M ====================
     .
     2011-11-18 11:55:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2011-10-20 11:59:29 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
     2011-10-07 11:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
     2011-09-13 11:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
     .
     ============= FINISH: 0:38:04.60 ===============
  9. LDTate, I ran a program called "Getservices" and this is the log. I still have to flushdns each time I try to get to this website, but other websites still work no problem. I am also still having issues with my mouse and keyboard. I am looking for something that is loading "after the first time the desktop pic loads and before the lan icon shows up"... just before the lan icon appears something starts and removes the desktop pic "blue screen only" and then reloads the desktop pic, but then the blue screen closes slowly or the pic loads slowly (scrolling as described in a previous post). After that the symptoms start showing up! Can you find what is loading???

     SERVICE_NAME: AudioSrv
     DISPLAY_NAME: Windows Audio
             TYPE               : 20  WIN32_SHARE_PROCESS
             STATE              : 4  RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
             WIN32_EXIT_CODE    : 0  (0x0)
             SERVICE_EXIT_CODE  : 0  (0x0)
             CHECKPOINT         : 0x0
             WAIT_HINT          : 0x0
             PID                : 1056
             FLAGS              :
     DESCRIPTION : Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
             TYPE               : 20  WIN32_SHARE_PROCESS
             START_TYPE         : 2   AUTO_START
             ERROR_CONTROL      : 1   NORMAL
             BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
             LOAD_ORDER_GROUP   : AudioGroup
             TAG                : 0
             DISPLAY_NAME       : Windows Audio
             DEPENDENCIES       : PlugPlay
                                : RpcSs
             SERVICE_START_NAME : LocalSystem

     SERVICE_NAME: Browser
     DISPLAY_NAME: Computer Browser
             TYPE               : 20  WIN32_SHARE_PROCESS
             STATE              : 4  RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
             WIN32_EXIT_CODE    : 0  (0x0)
             SERVICE_EXIT_CODE  : 0  (0x0)
             CHECKPOINT         : 0x0
             WAIT_HINT          : 0x0
             PID                : 1056
             FLAGS              :
     DESCRIPTION : Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
             TYPE               : 20  WIN32_SHARE_PROCESS
             START_TYPE         : 3   DEMAND_START
             ERROR_CONTROL      : 1   NORMAL
             BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
             LOAD_ORDER_GROUP   :
             TAG                : 0
             DISPLAY_NAME       : Computer Browser
             DEPENDENCIES       : LanmanWorkstation
                                : LanmanServer
             SERVICE_START_NAME : LocalSystem

     SERVICE_NAME: CryptSvc
     DISPLAY_NAME: CryptSvc
             TYPE               : 20  WIN32_SHARE_PROCESS
             STATE              : 4  RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
             WIN32_EXIT_CODE    : 0  (0x0)
             SERVICE_EXIT_CODE  : 0  (0x0)
             CHECKPOINT         : 0x0
             WAIT_HINT          : 0x0
             PID                : 1056
             FLAGS              :
     DESCRIPTION : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
             TYPE               : 20  WIN32_SHARE_PROCESS
             START_TYPE         : 2   AUTO_START
             ERROR_CONTROL      : 1   NORMAL
             BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
             LOAD_ORDER_GROUP   :
             TAG                : 0
             DISPLAY_NAME       : CryptSvc
             DEPENDENCIES       : RpcSs
             SERVICE_START_NAME : LocalSystem

     SERVICE_NAME: DcomLaunch
     DISPLAY_NAME: DCOM Server Process Launcher
             TYPE               : 20  WIN32_SHARE_PROCESS
             STATE              : 4  RUNNING (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
             WIN32_EXIT_CODE    : 0  (0x0)
             SERVICE_EXIT_CODE  : 0  (0x0)
             CHECKPOINT         : 0x0
             WAIT_HINT          : 0x0
             PID                : 852
             FLAGS              :
     DESCRIPTION : Provides launch functionality for DCOM services.
             TYPE               : 20  WIN32_SHARE_PROCESS
             START_TYPE         : 2   AUTO_START
             ERROR_CONTROL      : 1   NORMAL
             BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k DcomLaunch
             LOAD_ORDER_GROUP   : Event Log
             TAG                : 0
             DISPLAY_NAME       : DCOM Server Process Launcher
             SERVICE_START_NAME : LocalSystem

     SERVICE_NAME: Dhcp
     DISPLAY_NAME: DHCP Client
             TYPE               : 20  WIN32_SHARE_PROCESS
             STATE              : 4  RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
             WIN32_EXIT_CODE    : 0  (0x0)
             SERVICE_EXIT_CODE  : 0  (0x0)
             CHECKPOINT         : 0x0
             WAIT_HINT          : 0x0
             PID                : 1056
             FLAGS              :
     DESCRIPTION : Manages network configuration by registering and updating IP addresses and DNS names.
             TYPE               : 20  WIN32_SHARE_PROCESS
             START_TYPE         : 2   AUTO_START
             ERROR_CONTROL      : 1   NORMAL
             BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
             LOAD_ORDER_GROUP   : TDI
             TAG                : 0
             DISPLAY_NAME       : DHCP Client
             DEPENDENCIES       : Tcpip
                                : Afd
                                : NetBT
             SERVICE_START_NAME : LocalSystem

     SERVICE_NAME: Dnscache
     DISPLAY_NAME: DNS Client
             TYPE               : 20  WIN32_SHARE_PROCESS
             STATE              : 4  RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
             WIN32_EXIT_CODE    : 0  (0x0)
             SERVICE_EXIT_CODE  : 0  (0x0)
             CHECKPOINT         : 0x0
             WAIT_HINT          : 0x0
             PID                : 1108
             FLAGS              :
     DESCRIPTION : Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
             TYPE               : 20  WIN32_SHARE_PROCESS
             START_TYPE         : 2   AUTO_START
             ERROR_CONTROL      : 1   NORMAL
             BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k NetworkService
             LOAD_ORDER_GROUP   : TDI
             TAG                : 0
             DISPLAY_NAME       : DNS Client
             DEPENDENCIES       : Tcpip
             SERVICE_START_NAME : NT AUTHORITY\NetworkService

     SERVICE_NAME: Eventlog
     DISPLAY_NAME: Event Log
             TYPE               : 20  WIN32_SHARE_PROCESS
             STATE              : 4  RUNNING (NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
             WIN32_EXIT_CODE    : 0  (0x0)
             SERVICE_EXIT_CODE  : 0  (0x0)
             CHECKPOINT         : 0x0
             WAIT_HINT          : 0x0
             PID                : 684
             FLAGS              : SERVICE_RUNS_IN_SYSTEM_PROCESS
     DESCRIPTION : Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
             TYPE               : 20  WIN32_SHARE_PROCESS
             START_TYPE         : 2   AUTO_START
             ERROR_CONTROL      : 1   NORMAL
             BINARY_PATH_NAME   : C:\WINDOWS\system32\services.exe
             LOAD_ORDER_GROUP   : Event log
             TAG                : 0
             DISPLAY_NAME       : Event Log
             SERVICE_START_NAME : LocalSystem

     SERVICE_NAME: helpsvc
     DISPLAY_NAME: Help and Support
             TYPE               : 20  WIN32_SHARE_PROCESS
             STATE              : 4  RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
             WIN32_EXIT_CODE    : 0  (0x0)
             SERVICE_EXIT_CODE  : 0  (0x0)
             CHECKPOINT         : 0x0
             WAIT_HINT          : 0x0
             PID                : 1056
             FLAGS              :
     DESCRIPTION : Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
             TYPE               : 20  WIN32_SHARE_PROCESS
             START_TYPE         : 2   AUTO_START
             ERROR_CONTROL      : 1   NORMAL
             BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
             LOAD_ORDER_GROUP   :
             TAG                : 0
             DISPLAY_NAME       : Help and Support
             DEPENDENCIES       : RPCSS
             SERVICE_START_NAME : LocalSystem

     SERVICE_NAME: HidServ
     DISPLAY_NAME: HID Input Service
             TYPE               : 20  WIN32_SHARE_PROCESS
             STATE              : 4  RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
             WIN32_EXIT_CODE    : 0  (0x0)
             SERVICE_EXIT_CODE  : 0  (0x0)
             CHECKPOINT         : 0x0
             WAIT_HINT          : 0x0
             PID                : 1056
             FLAGS              :
     DESCRIPTION : Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
             TYPE               : 20  WIN32_SHARE_PROCESS
             START_TYPE         : 2   AUTO_START
             ERROR_CONTROL      : 1   NORMAL
             BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
             LOAD_ORDER_GROUP   :
             TAG                : 0
             DISPLAY_NAME       : HID Input Service
             DEPENDENCIES       : RpcSs
             SERVICE_START_NAME : LocalSystem

     SERVICE_NAME: lanmanserver
     DISPLAY_NAME: Server
             TYPE               : 20  WIN32_SHARE_PROCESS
             STATE              : 4  RUNNING (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
             WIN32_EXIT_CODE    : 0  (0x0)
             SERVICE_EXIT_CODE  : 0  (0x0)
             CHECKPOINT         : 0x0
             WAIT_HINT          : 0x0
             PID                : 1056
             FLAGS              :
     DESCRIPTION : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
             TYPE               : 20  WIN32_SHARE_PROCESS
             START_TYPE         : 2   AUTO_START
             ERROR_CONTROL      : 1   NORMAL
             BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
             LOAD_ORDER_GROUP   :
             TAG                : 0
             DISPLAY_NAME       : Server
             SERVICE_START_NAME : LocalSystem

     SERVICE_NAME: lanmanworkstation
     DISPLAY_NAME: Workstation
             TYPE               : 20  WIN32_SHARE_PROCESS
             STATE              : 4  RUNNING (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
             WIN32_EXIT_CODE    : 0  (0x0)
             SERVICE_EXIT_CODE  : 0  (0x0)
             CHECKPOINT         : 0x0
             WAIT_HINT          : 0x0
             PID                : 1056
             FLAGS              :
     DESCRIPTION : Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
             TYPE               : 20  WIN32_SHARE_PROCESS
             START_TYPE         : 3   DEMAND_START
             ERROR_CONTROL      : 1   NORMAL
             BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
             LOAD_ORDER_GROUP   : NetworkProvider
             TAG                : 0
             DISPLAY_NAME       : Workstation
             SERVICE_START_NAME : LocalSystem

     SERVICE_NAME: Netman
     DISPLAY_NAME: Network Connections
             TYPE               : 120  WIN32_SHARE_PROCESS (interactive)
             STATE              : 4  RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
             WIN32_EXIT_CODE    : 0  (0x0)
             SERVICE_EXIT_CODE  : 0  (0x0)
             CHECKPOINT         : 0x0
             WAIT_HINT          : 0x0
             PID                : 1056
             FLAGS              :
     DESCRIPTION : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
             TYPE               : 120  WIN32_SHARE_PROCESS (interactive)
             START_TYPE         : 3   DEMAND_START
             ERROR_CONTROL      : 1   NORMAL
             BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
             LOAD_ORDER_GROUP   :
             TAG                : 0
             DISPLAY_NAME       : Network Connections
             DEPENDENCIES       : RpcSs
             SERVICE_START_NAME : LocalSystem

     SERVICE_NAME: Nla
     DISPLAY_NAME: Network Location Awareness (NLA)
             TYPE               : 20  WIN32_SHARE_PROCESS
             STATE              : 4  RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
             WIN32_EXIT_CODE    : 0  (0x0)
             SERVICE_EXIT_CODE  : 0  (0x0)
             CHECKPOINT         : 0x0
             WAIT_HINT          : 0x0
             PID                : 1056
             FLAGS              :
     DESCRIPTION : Collects and stores network configuration and location information, and notifies applications when this information changes.
             TYPE               : 20  WIN32_SHARE_PROCESS
             START_TYPE         : 3   DEMAND_START
             ERROR_CONTROL      : 1   NORMAL
             BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
             LOAD_ORDER_GROUP   :
             TAG                : 0
             DISPLAY_NAME       : Network Location Awareness (NLA)
             DEPENDENCIES       : Tcpip
                                : Afd
             SERVICE_START_NAME : LocalSystem

     SERVICE_NAME: PlugPlay
     DISPLAY_NAME: Plug and Play
             TYPE               : 20  WIN32_SHARE_PROCESS
             STATE              : 4  RUNNING (NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
             WIN32_EXIT_CODE    : 0  (0x0)
             SERVICE_EXIT_CODE  : 0  (0x0)
             CHECKPOINT         : 0x0
             WAIT_HINT          : 0x0
             PID                : 684
             FLAGS              : SERVICE_RUNS_IN_SYSTEM_PROCESS
     DESCRIPTION : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe LOAD_ORDER_GROUP : PlugPlay TAG : 0 DISPLAY_NAME : Plug and Play SERVICE_START_NAME : LocalSystem SERVICE_NAME: PolicyAgent DISPLAY_NAME: IPSEC Services TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 696 FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS DESCRIPTION : Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : IPSEC Services DEPENDENCIES : RPCSS : Tcpip : IPSec SERVICE_START_NAME : LocalSystem SERVICE_NAME: ProtectedStorage DISPLAY_NAME: Protected Storage TYPE : 120 WIN32_SHARE_PROCESS (interactive) STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 696 FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS DESCRIPTION : Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. TYPE : 120 WIN32_SHARE_PROCESS (interactive) START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Protected Storage DEPENDENCIES : RpcSs SERVICE_START_NAME : LocalSystem SERVICE_NAME: RpcLocator DISPLAY_NAME: Remote Procedure Call (RPC) Locator TYPE : 10 WIN32_OWN_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1408 FLAGS : DESCRIPTION : Manages the RPC name service database. 
TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\locator.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Remote Procedure Call (RPC) Locator DEPENDENCIES : LanmanWorkstation SERVICE_START_NAME : NT AUTHORITY\NetworkService SERVICE_NAME: RpcSs DISPLAY_NAME: Remote Procedure Call (RPC) TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 936 FLAGS : DESCRIPTION : Provides the endpoint mapper and other miscellaneous RPC services. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k rpcss LOAD_ORDER_GROUP : COM Infrastructure TAG : 0 DISPLAY_NAME : Remote Procedure Call (RPC) SERVICE_START_NAME : NT Authority\NetworkService SERVICE_NAME: SamSs DISPLAY_NAME: Security Accounts Manager TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 696 FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS DESCRIPTION : Stores security information for local user accounts. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe LOAD_ORDER_GROUP : LocalValidation TAG : 0 DISPLAY_NAME : Security Accounts Manager DEPENDENCIES : RPCSS SERVICE_START_NAME : LocalSystem SERVICE_NAME: seclogon DISPLAY_NAME: Secondary Logon TYPE : 120 WIN32_SHARE_PROCESS (interactive) STATE : 4 RUNNING (STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1056 FLAGS : DESCRIPTION : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. 
If this service is disabled, any services that explicitly depend on it will fail to start. TYPE : 120 WIN32_SHARE_PROCESS (interactive) START_TYPE : 2 AUTO_START ERROR_CONTROL : 0 IGNORE BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Secondary Logon SERVICE_START_NAME : LocalSystem SERVICE_NAME: SharedAccess DISPLAY_NAME: Windows Firewall/Internet Connection Sharing (ICS) TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1056 FLAGS : DESCRIPTION : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS) DEPENDENCIES : Netman : WinMgmt SERVICE_START_NAME : LocalSystem SERVICE_NAME: Spooler DISPLAY_NAME: Print Spooler TYPE : 110 WIN32_OWN_PROCESS (interactive) STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1268 FLAGS : DESCRIPTION : Loads files to memory for later printing. TYPE : 110 WIN32_OWN_PROCESS (interactive) START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\spoolsv.exe LOAD_ORDER_GROUP : SpoolerGroup TAG : 0 DISPLAY_NAME : Print Spooler DEPENDENCIES : RPCSS SERVICE_START_NAME : LocalSystem SERVICE_NAME: SSDPSRV DISPLAY_NAME: SSDP Discovery Service TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 124 FLAGS : DESCRIPTION : Enables discovery of UPnP devices on your home network. 
TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 3 DEMAND_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : SSDP Discovery Service DEPENDENCIES : HTTP SERVICE_START_NAME : NT AUTHORITY\LocalService SERVICE_NAME: stisvc DISPLAY_NAME: Windows Image Acquisition (WIA) TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1436 FLAGS : DESCRIPTION : Provides image acquisition services for scanners and cameras. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k imgsvc LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Windows Image Acquisition (WIA) DEPENDENCIES : RpcSs SERVICE_START_NAME : LocalSystem SERVICE_NAME: TermService DISPLAY_NAME: Terminal Services TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 852 FLAGS : DESCRIPTION : Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server. 
TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 3 DEMAND_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k DComLaunch LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Terminal Services DEPENDENCIES : RPCSS SERVICE_START_NAME : LocalSystem SERVICE_NAME: UMWdf DISPLAY_NAME: Windows User Mode Driver Framework TYPE : 10 WIN32_OWN_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1524 FLAGS : DESCRIPTION : Enables Windows user mode drivers. TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\wdfmgr.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Windows User Mode Driver Framework DEPENDENCIES : RpcSs SERVICE_START_NAME : NT AUTHORITY\LocalService SERVICE_NAME: w32time DISPLAY_NAME: Windows Time TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1056 FLAGS : DESCRIPTION : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. 
TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Windows Time SERVICE_START_NAME : LocalSystem SERVICE_NAME: winmgmt DISPLAY_NAME: Windows Management Instrumentation TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1056 FLAGS : DESCRIPTION : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 0 IGNORE BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Windows Management Instrumentation DEPENDENCIES : RPCSS SERVICE_START_NAME : LocalSystem SERVICE_NAME: WZCSVC DISPLAY_NAME: Wireless Zero Configuration TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1056 FLAGS : DESCRIPTION : Provides automatic configuration for the 802.11 adapters TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TDI TAG : 0 DISPLAY_NAME : Wireless Zero Configuration DEPENDENCIES : RpcSs : Ndisuio SERVICE_START_NAME : LocalSystem
  10. Just ran it again, but this time NOT in safe mode. Here is the log.

22:15:29.0515 1040 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
22:15:29.0703 1040 ============================================================
22:15:29.0703 1040 Current date / time: 2011/12/01 22:15:29.0703
22:15:29.0703 1040 SystemInfo:
22:15:29.0703 1040
22:15:29.0703 1040 OS Version: 5.1.2600 ServicePack: 3.0
22:15:29.0703 1040 Product type: Workstation
22:15:29.0703 1040 ComputerName: HIGHLANDER
22:15:29.0703 1040 UserName: Sonia Evans
22:15:29.0703 1040 Windows directory: C:\WINDOWS
22:15:29.0703 1040 System windows directory: C:\WINDOWS
22:15:29.0703 1040 Processor architecture: Intel x86
22:15:29.0703 1040 Number of processors: 1
22:15:29.0703 1040 Page size: 0x1000
22:15:29.0703 1040 Boot type: Normal boot
22:15:29.0703 1040 ============================================================
22:15:30.0984 1040 Initialize success
22:15:42.0375 1264 ============================================================
22:15:42.0375 1264 Scan started
22:15:42.0375 1264 Mode: Manual; SigCheck; TDLFS;
22:15:42.0375 1264 ============================================================
22:15:42.0781 1264 Abiosdsk - ok
22:15:42.0828 1264 abp480n5 - ok
22:15:42.0921 1264 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:15:44.0625 1264 ACPI - ok
22:15:44.0718 1264 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:15:44.0921 1264 ACPIEC - ok
22:15:45.0000 1264 adpu160m - ok
22:15:45.0078 1264 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:15:45.0250 1264 aec - ok
22:15:45.0312 1264 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
22:15:45.0468 1264 AFD - ok
22:15:45.0531 1264 Aha154x - ok
22:15:45.0578 1264 aic78u2 - ok
22:15:45.0625 1264 aic78xx - ok
22:15:45.0703 1264 AliIde - ok
22:15:45.0765 1264 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
22:15:45.0937 1264 AmdK7 - ok
22:15:45.0984 1264 amsint - ok
22:15:46.0046 1264 AnyDVD (64f24088dbb1d68ee9963f66f8eb68cf) C:\WINDOWS\system32\Drivers\AnyDVD.sys
22:15:46.0062 1264 AnyDVD - ok
22:15:46.0109 1264 asc - ok
22:15:46.0156 1264 asc3350p - ok
22:15:46.0203 1264 asc3550 - ok
22:15:46.0343 1264 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:15:46.0500 1264 AsyncMac - ok
22:15:46.0562 1264 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:15:46.0750 1264 atapi - ok
22:15:46.0765 1264 Atdisk - ok
22:15:46.0828 1264 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:15:47.0015 1264 Atmarpc - ok
22:15:47.0093 1264 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:15:47.0296 1264 audstub - ok
22:15:47.0343 1264 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:15:47.0578 1264 Beep - ok
22:15:47.0671 1264 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
22:15:47.0750 1264 BrScnUsb - ok
22:15:47.0796 1264 BrSerIf (c121e10c64318182a6478acae1855ee0) C:\WINDOWS\system32\Drivers\BrSerIf.sys
22:15:47.0812 1264 BrSerIf - ok
22:15:47.0875 1264 BrUsbSer (7ac85cdc03befd78908b3b6a73d201d0) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
22:15:47.0890 1264 BrUsbSer - ok
22:15:47.0937 1264 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:15:48.0171 1264 cbidf2k - ok
22:15:48.0250 1264 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:15:48.0406 1264 CCDECODE - ok
22:15:48.0437 1264 cd20xrnt - ok
22:15:48.0484 1264 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:15:48.0703 1264 Cdaudio - ok
22:15:48.0765 1264 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:15:48.0921 1264 Cdfs - ok
22:15:48.0968 1264 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:15:49.0140 1264 Cdrom - ok
22:15:49.0156 1264 Suspicious service (NoAccess): cfimslpn
22:15:49.0234 1264 CmdIde - ok
22:15:49.0296 1264 cmuda (d9b11a34a4efbd4e12b719c89f09bef3) C:\WINDOWS\system32\drivers\cmuda.sys
22:15:49.0390 1264 cmuda - ok
22:15:49.0468 1264 Cpqarray - ok
22:15:49.0515 1264 dac2w2k - ok
22:15:49.0562 1264 dac960nt - ok
22:15:49.0703 1264 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:15:49.0875 1264 Disk - ok
22:15:49.0984 1264 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:15:50.0234 1264 dmboot - ok
22:15:50.0281 1264 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:15:50.0453 1264 dmio - ok
22:15:50.0515 1264 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:15:50.0750 1264 dmload - ok
22:15:50.0812 1264 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:15:50.0968 1264 DMusic - ok
22:15:51.0031 1264 dpti2o - ok
22:15:51.0093 1264 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:15:51.0250 1264 drmkaud - ok
22:15:51.0328 1264 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
22:15:51.0343 1264 ElbyCDIO - ok
22:15:51.0421 1264 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:15:51.0578 1264 Fastfat - ok
22:15:51.0640 1264 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:15:51.0796 1264 Fdc - ok
22:15:51.0859 1264 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
22:15:52.0093 1264 FETNDIS - ok
22:15:52.0156 1264 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:15:52.0296 1264 Fips - ok
22:15:52.0359 1264 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:15:52.0515 1264 Flpydisk - ok
22:15:52.0593 1264 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:15:52.0765 1264 FltMgr - ok
22:15:52.0828 1264 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:15:53.0062 1264 Fs_Rec - ok
22:15:53.0125 1264 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:15:53.0359 1264 Ftdisk - ok
22:15:53.0421 1264 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
22:15:53.0578 1264 gameenum - ok
22:15:53.0640 1264 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:15:53.0812 1264 Gpc - ok
22:15:53.0906 1264 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:15:54.0046 1264 HidUsb - ok
22:15:54.0093 1264 hpn - ok
22:15:54.0171 1264 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
22:15:54.0359 1264 HTTP - ok
22:15:54.0406 1264 i2omp - ok
22:15:54.0468 1264 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:15:54.0640 1264 i8042prt - ok
22:15:54.0718 1264 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:15:54.0890 1264 Imapi - ok
22:15:54.0937 1264 ini910u - ok
22:15:55.0000 1264 IntelIde - ok
22:15:55.0093 1264 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:15:55.0234 1264 ip6fw - ok
22:15:55.0312 1264 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:15:55.0546 1264 IpFilterDriver - ok
22:15:55.0593 1264 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:15:55.0750 1264 IpInIp - ok
22:15:55.0812 1264 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:15:55.0984 1264 IpNat - ok
22:15:56.0015 1264 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:15:56.0171 1264 IPSec - ok
22:15:56.0234 1264 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:15:56.0375 1264 IRENUM - ok
22:15:56.0453 1264 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:15:56.0609 1264 isapnp - ok
22:15:56.0671 1264 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:15:56.0828 1264 Kbdclass - ok
22:15:56.0906 1264 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:15:57.0031 1264 kbdhid - ok
22:15:57.0109 1264 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:15:57.0250 1264 kmixer - ok
22:15:57.0312 1264 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
22:15:57.0484 1264 KSecDD - ok
22:15:57.0703 1264 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:15:57.0921 1264 mnmdd - ok
22:15:57.0968 1264 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:15:58.0140 1264 Modem - ok
22:15:58.0203 1264 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:15:58.0343 1264 Mouclass - ok
22:15:58.0406 1264 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:15:58.0640 1264 mouhid - ok
22:15:58.0687 1264 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:15:58.0828 1264 MountMgr - ok
22:15:58.0875 1264 mraid35x - ok
22:15:58.0937 1264 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:15:59.0078 1264 MRxDAV - ok
22:15:59.0140 1264 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:15:59.0328 1264 MRxSmb - ok
22:15:59.0390 1264 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:15:59.0546 1264 Msfs - ok
22:15:59.0625 1264 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:15:59.0796 1264 MSKSSRV - ok
22:15:59.0843 1264 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:16:00.0000 1264 MSPCLOCK - ok
22:16:00.0062 1264 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:16:00.0203 1264 MSPQM - ok
22:16:00.0281 1264 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:16:00.0421 1264 mssmbios - ok
22:16:00.0468 1264 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:16:00.0609 1264 MSTEE - ok
22:16:00.0656 1264 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
22:16:00.0796 1264 Mup - ok
22:16:00.0859 1264 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:16:01.0015 1264 NABTSFEC - ok
22:16:01.0062 1264 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:16:01.0234 1264 NDIS - ok
22:16:01.0281 1264 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:16:01.0421 1264 NdisIP - ok
22:16:01.0484 1264 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:16:01.0640 1264 NdisTapi - ok
22:16:01.0687 1264 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:16:01.0859 1264 Ndisuio - ok
22:16:01.0921 1264 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:16:02.0093 1264 NdisWan - ok
22:16:02.0140 1264 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
22:16:02.0296 1264 NDProxy - ok
22:16:02.0359 1264 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:16:02.0484 1264 NetBIOS - ok
22:16:02.0531 1264 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:16:02.0687 1264 NetBT - ok
22:16:02.0828 1264 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:16:02.0968 1264 Npfs - ok
22:16:03.0046 1264 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:16:03.0234 1264 Ntfs - ok
22:16:03.0312 1264 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:16:03.0531 1264 Null - ok
22:16:03.0578 1264 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:16:03.0796 1264 NwlnkFlt - ok
22:16:03.0828 1264 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:16:04.0031 1264 NwlnkFwd - ok
22:16:04.0109 1264 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:16:04.0250 1264 Parport - ok
22:16:04.0312 1264 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:16:04.0453 1264 PartMgr - ok
22:16:04.0484 1264 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:16:04.0718 1264 ParVdm - ok
22:16:04.0781 1264 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:16:04.0921 1264 PCI - ok
22:16:04.0984 1264 PCIIde - ok
22:16:05.0046 1264 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:16:05.0187 1264 Pcmcia - ok
22:16:05.0234 1264 perc2 - ok
22:16:05.0281 1264 perc2hib - ok
22:16:05.0437 1264 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:16:05.0593 1264 PptpMiniport - ok
22:16:05.0656 1264 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
22:16:05.0812 1264 Processor - ok
22:16:05.0875 1264 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:16:06.0000 1264 PSched - ok
22:16:06.0046 1264 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:16:06.0250 1264 Ptilink - ok
22:16:06.0281 1264 ql1080 - ok
22:16:06.0328 1264 Ql10wnt - ok
22:16:06.0359 1264 ql12160 - ok
22:16:06.0421 1264 ql1240 - ok
22:16:06.0453 1264 ql1280 - ok
22:16:06.0515 1264 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:16:06.0718 1264 RasAcd - ok
22:16:06.0796 1264 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:16:06.0953 1264 Rasl2tp - ok
22:16:07.0000 1264 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:16:07.0171 1264 RasPppoe - ok
22:16:07.0218 1264 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:16:07.0437 1264 Raspti - ok
22:16:07.0484 1264 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:16:07.0640 1264 Rdbss - ok
22:16:07.0703 1264 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:16:07.0875 1264 RDPCDD - ok
22:16:07.0953 1264 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:16:08.0109 1264 rdpdr - ok
22:16:08.0171 1264 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
22:16:08.0312 1264 RDPWD - ok
22:16:08.0375 1264 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:16:08.0531 1264 redbook - ok
22:16:08.0687 1264 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
22:16:08.0781 1264 RTL8023xp - ok
22:16:08.0828 1264 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
22:16:08.0953 1264 rtl8139 - ok
22:16:09.0078 1264 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:16:09.0218 1264 serenum - ok
22:16:09.0281 1264 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:16:09.0421 1264 Serial - ok
22:16:09.0500 1264 sermouse (1f16931c722c69e4a7866244796c66a0) C:\WINDOWS\system32\DRIVERS\sermouse.sys
22:16:09.0703 1264 sermouse - ok
22:16:09.0812 1264 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:16:09.0953 1264 Sfloppy - ok
22:16:10.0046 1264 Simbad - ok
22:16:10.0093 1264 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:16:10.0234 1264 SLIP - ok
22:16:10.0265 1264 Sparrow - ok
22:16:10.0343 1264 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:16:10.0484 1264 splitter - ok
22:16:10.0562 1264 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:16:10.0703 1264 sr - ok
22:16:10.0703 1264 Suspicious service (NoAccess): srsbibr
22:16:10.0781 1264 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
22:16:10.0921 1264 Srv - ok
22:16:11.0000 1264 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
22:16:11.0218 1264 StillCam - ok
22:16:11.0265 1264 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:16:11.0421 1264 streamip - ok
22:16:11.0484 1264 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:16:11.0625 1264 swenum - ok
22:16:11.0656 1264 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:16:11.0796 1264 swmidi - ok
22:16:11.0843 1264 symc810 - ok
22:16:11.0890 1264 symc8xx - ok
22:16:11.0921 1264 sym_hi - ok
22:16:11.0984 1264 sym_u3 - ok
22:16:12.0031 1264 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:16:12.0171 1264 sysaudio - ok
22:16:12.0250 1264 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:16:12.0437 1264 Tcpip - ok
22:16:12.0484 1264 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:16:12.0625 1264 TDPIPE - ok
22:16:12.0703 1264 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:16:12.0843 1264 TDTCP - ok
22:16:12.0906 1264 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:16:13.0046 1264 TermDD - ok
22:16:13.0125 1264 TosIde - ok
22:16:13.0250 1264 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
22:16:13.0375 1264 uagp35 - ok
22:16:13.0421 1264 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:16:13.0562 1264 Udfs - ok
22:16:13.0609 1264 ultra - ok
22:16:13.0687 1264 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:16:13.0859 1264 Update - ok
22:16:13.0968 1264 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:16:14.0125 1264 usbccgp - ok
22:16:14.0218 1264 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:16:14.0343 1264 usbehci - ok
22:16:14.0406 1264 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:16:14.0562 1264 usbhub - ok
22:16:14.0625 1264 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:16:14.0781 1264 usbprint - ok
22:16:14.0828 1264 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:16:14.0968 1264 usbscan - ok
22:16:15.0078 1264 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:16:15.0218 1264 USBSTOR - ok
22:16:15.0296 1264 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:16:15.0437 1264 usbuhci - ok
22:16:15.0500 1264 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:16:15.0640 1264 VgaSave - ok
22:16:15.0718 1264 viagfx (3bcc43e2225851e0aef2a8c27ce420ea) C:\WINDOWS\system32\DRIVERS\vtmini.sys
22:16:15.0765 1264 viagfx - ok
22:16:15.0812 1264 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:16:15.0953 1264 ViaIde - ok
22:16:16.0015 1264 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:16:16.0171 1264 VolSnap - ok
22:16:16.0312 1264 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:16:16.0468 1264 Wanarp - ok
22:16:16.0515 1264 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:16:16.0671 1264 wdmaud - ok
22:16:16.0921 1264 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:16:17.0078 1264 WSTCODEC - ok
22:16:17.0109 1264 Suspicious service (NoAccess): xdhvim
22:16:17.0218 1264 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:16:17.0437 1264 \Device\Harddisk0\DR0 - ok
22:16:17.0468 1264 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
22:16:17.0703 1264 \Device\Harddisk1\DR1 - ok
22:16:17.0734 1264 Boot (0x1200) (65d618203286eca004a097f30dcfa923) \Device\Harddisk0\DR0\Partition0
22:16:17.0734 1264 \Device\Harddisk0\DR0\Partition0 - ok
22:16:17.0781 1264 Boot (0x1200) (b69aee1c213a7e7fe1e9d3f1721eb166) \Device\Harddisk1\DR1\Partition0
22:16:17.0781 1264 \Device\Harddisk1\DR1\Partition0 - ok
22:16:17.0796 1264 ============================================================
22:16:17.0796 1264 Scan finished
22:16:17.0796 1264 ============================================================
22:16:17.0937 1100 Detected object count: 0
22:16:17.0953 1100 Actual detected object count: 0
  11. Okay I kept unplugging and replugging the USB mouse connection until it worked enough to get to the shared folder where I had saved the TDSS download using another computer on my home network. It did NOT find anything. But I will post the report. Then I started Malwarebytes and used the FileAssassin to delete a file I saw in a previous log named VRCRS.DLL and that has released all my mouse and keyboard again. I still noticed on startup that the screen is still rewriting?! DANG....
  12. LDTate, HELP!!! This thing is really getting crazy. Now when the computer starts the mouse and keyboard work, BUT by the time the logon screen appears both are locked up. So I went and got an older keyboard and the same thing. It works so that I can choose safe mode or regular boot but after that I am locked out due to no input to click "okay".... What should I do to get the mouse working so that I can do the TDSS again????
  13. LDTate, Ok I did those last changes and the computer got real stupid. The USB keyboard and mouse would just work for about 15 sec and lock up. I would have to unplug the USB cable and plug it back in to get another 15 sec of mouse/keyboard time. Same thing in safe mode. I could run programs like Spybot, malware, but the mouse would lock up. I could not get to the website NONE. dnsflush no longer would work. The modem/router I reset and then the computer did not recognize it and it required a complete re-setup?! Another dnsflush and then I got the mouse to work long enough with several attempts to do the last CFScript you gave me. Then I had to do ANOTHER dnsflush to get back to the site and post this...
  14. Now I keep getting blocked out from the website every time I reboot. The app is loading within the previously posted svchost.exe. I am sure if I knew how to "see" everything that was loading, because this thing is loading and is hidden at the same time. It has also been able to resist full deletion, so now I am going to try and see if running the advised stuff in safe mode will fix it.....?!
  15. LDTate, Here is my latest scan. However, when I got home tonight, I was unable to reach www.malwarebytes.org website AGAIN!!! So after anoooother DNSflush I was able to get on again....... ComboFix 11-11-28.02 - Sonia Evans 11/28/2011 21:55:13.10.1 - x86 Running from: c:\internet downloads\ComboFix.exe Command switches used :: c:\internet downloads\CFScript.txt * Created a new restore point . FILE :: "c:\windows\system32\vrcrs.dll" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\vrcrs.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_DRUUDWILX -------\Service_druudwilx -------\Legacy_oukww -------\Service_oukww . . ((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-29 ))))))))))))))))))))))))))))))) . . 2011-11-28 04:07 . 2011-11-28 04:07 -------- d-----w- C:\TDSSKiller_Quarantine 2011-11-22 08:49 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-11-22 08:49 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-11-22 08:49 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-11-22 08:49 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-11-22 08:49 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2011-11-22 08:49 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys 2011-11-22 08:49 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2011-11-22 08:49 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr 2011-11-22 08:49 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-11-22 08:49 . 2011-11-22 08:49 -------- d-----w- c:\program files\AVAST Software 2011-11-14 03:50 . 2011-11-19 05:53 -------- d-----w- c:\program files\DriverGuide DriverScan 2011-11-13 18:42 . 
2011-11-13 18:43 -------- d-----w- c:\documents and settings\Sonia Evans\Application Data\Apple Computer 2011-11-13 18:42 . 2011-11-13 18:42 -------- d-----w- c:\documents and settings\Sonia Evans\Local Settings\Application Data\Apple Computer 2011-11-13 18:41 . 2011-11-19 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2011-11-13 18:41 . 2011-11-13 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-18 11:55 . 2011-08-16 10:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-20 11:59 . 2011-10-20 03:28 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe 2011-08-31 21:00 . 2009-11-22 23:55 22216 -c--a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((( SnapShot_2011-11-21_05.06.57 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll + 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll + 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll + 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll + 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll + 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll + 2009-07-12 05:02 . 
2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll + 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll + 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll + 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll + 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll + 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll + 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll + 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll - 2006-06-09 23:44 . 2011-11-19 09:18 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2006-06-09 23:44 . 2011-11-28 04:32 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2006-06-09 23:44 . 2011-11-19 09:18 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2006-06-09 23:44 . 2011-11-28 04:32 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2011-11-28 04:32 . 2011-11-28 04:32 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll + 2009-07-12 05:02 . 
2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll + 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll + 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll + 2011-11-22 08:49 . 2011-11-22 08:49 219648 c:\windows\Installer\ef8305.msi + 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll + 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] c:\windows\system32\dumprep 0 -u [X] . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] 2011-09-30 11:35 5361272 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 15:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2007-02-10 01:56 98304 ----a-w- c:\program files\QuickTime\qttask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2009-03-05 20:07 2260480 -c----w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] 2003-05-07 20:32 36864 -c--a-r- c:\windows\system32\VTTimer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Messenger"=2 (0x2) "McciCMService"=2 (0x2) "gusvc"=3 (0x3) "wuauserv"=2 (0x2) "wscsvc"=2 (0x2) "TrkWks"=2 (0x2) "Themes"=2 (0x2) "TapiSrv"=3 (0x3) "SysmonLog"=3 (0x3) "Schedule"=2 (0x2) "SCardSvr"=3 (0x3) "FastUserSwitchingCompatibility"=3 (0x3) "Eventlog"=2 (0x2) "ERSvc"=2 (0x2) "idsvc"=3 (0x3) "AMDFusionSVC"=2 (0x2) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "VTTimer"=VTTimer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6027:TCP"= 6027:TCP:rcntsjph . 
R2 oukww;Time Image;c:\windows\system32\svchost.exe [2008-04-14 14336] R4 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S3 DCamUSBNW802;PC Camera Capture;c:\windows\system32\DRIVERS\pcam.sys [2006-09-25 269480] . . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs oukww . Contents of the 'Scheduled Tasks' folder . 2011-10-16 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2011-10-15 02:18] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Trusted Zone: rexplorer.net TCP: DhcpNameServer = 192.168.1.254 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Sonia Evans\Application Data\Mozilla\Firefox\Profiles\axuvh315.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - user.js: yahoo.homepage.dontask - true . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-11-28 22:12 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . 
scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\oukww] "ServiceDll"="c:\windows\system32\vrcrs.dll" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(656) c:\windows\system32\webcheck.dll c:\windows\system32\IEFRAME.dll c:\windows\system32\msls31.dll c:\windows\system32\OneX.DLL c:\windows\system32\eappprxy.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\windows\System32\locator.exe c:\windows\system32\wdfmgr.exe . ************************************************************************** . Completion time: 2011-11-28 22:16:46 - machine was rebooted ComboFix-quarantined-files.txt 2011-11-29 03:16 ComboFix2.txt 2011-11-28 04:24 ComboFix3.txt 2011-11-22 07:21 ComboFix4.txt 2011-11-21 05:10 ComboFix5.txt 2011-11-29 02:53 . Pre-Run: 103,428,591,616 bytes free Post-Run: 103,340,793,856 bytes free . - - End Of File - - 2E2E970A2EE21E9648A2514C42FB9389
  16. LDTate, currently the system is running better, but I am still getting a svchost error intermittently. Whatever is running that does that loads between the first time the wallpaper pic is visible and when the LAN icon loads. Closing any window or application has a "scroll down" effect vs. just instantly gone. When the svchost app is running before it crashes it really slows down the computer...??? I don't know how to see what is getting loaded and in what order...
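Posts 14 and 16 both ask how to "see" what is loading inside svchost.exe. The ComboFix and TDSSKiller logs in this thread already contain the answer in three places: the service lines whose image is svchost.exe (R2 oukww / R2 srsbibr), the Svchost - NetSvcs group list that names them, and the [...\Services\<name>] "ServiceDll" value that says which DLL svchost actually loads (c:\windows\system32\vrcrs.dll). The second log adds a globally open firewall port (6027:TCP:rcntsjph) and TDSSKiller reports a service it cannot open (druudwilx). The script below is an added example, not part of this thread or of any tool LDTate prescribed: it parses those line formats from a constructed sample excerpted from the posted logs and correlates them into a short alert list. The KNOWN_NETSVCS_DLLS allowlist is an assumption for the example and is deliberately small; a DLL missing from it means "look at this", not "this is malware".

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines excerpted (and merged across runs) from the ComboFix
# and TDSSKiller logs posted in this thread. A real log is fed in whole.
SAMPLE_LOG = r"""
R2 oukww;Time Image;c:\windows\system32\svchost.exe [2008-04-14 14336]
R4 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [x]
S3 DCamUSBNW802;PC Camera Capture;c:\windows\system32\DRIVERS\pcam.sys [2006-09-25 269480]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
oukww
cfimslpn
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6027:TCP"= 6027:TCP:rcntsjph
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\oukww]
"ServiceDll"="c:\windows\system32\vrcrs.dll"
.
23:05:38.0892 1068 Suspicious service (NoAccess): druudwilx
"""

SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[')   # R2 name;display;image [..]
REGKEY_RE = re.compile(r'^\[(.+)\]$')
SERVICEDLL_RE = re.compile(r'^"ServiceDll"="(.+)"$')
OPENPORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(\S+)')
TDSS_RE = re.compile(r'Suspicious service \((\w+)\): (\S+)')

# Illustrative allowlist of DLLs that legitimately run in the netsvcs svchost
# group on Windows XP. Assumption for this example, not exhaustive.
KNOWN_NETSVCS_DLLS = {
    'browser.dll', 'wuauserv.dll', 'srvsvc.dll', 'wkssvc.dll', 'schedsvc.dll',
    'seclogon.dll', 'termsrv.dll', 'ipnathlp.dll', 'rasauto.dll', 'rasmans.dll',
}


@dataclass
class Findings:
    svchost_hosted: dict = field(default_factory=dict)   # service name -> image path
    netsvcs: list = field(default_factory=list)          # names in the netsvcs group
    service_dlls: dict = field(default_factory=dict)     # service name -> ServiceDll
    open_ports: list = field(default_factory=list)       # (port, proto, label)
    tdss_suspicious: list = field(default_factory=list)  # (reason, service name)


def parse_log(text):
    """Pull the svchost-related facts out of ComboFix/TDSSKiller log text."""
    f = Findings()
    current_key = None      # last [registry key] header seen
    in_netsvcs = False      # inside the "Svchost - NetSvcs" name list
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':          # ComboFix separates sections with "."
            in_netsvcs = False
            continue
        if line.endswith('Svchost - NetSvcs'):
            in_netsvcs = True
            continue
        if in_netsvcs:
            if line.startswith('['):
                in_netsvcs = False
            else:
                f.netsvcs.append(line)
                continue
        m = REGKEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, image = m.group(2), m.group(4)
            if image.lower().endswith('svchost.exe'):
                f.svchost_hosted[name] = image
            continue
        m = SERVICEDLL_RE.match(line)
        if m and current_key:
            f.service_dlls[current_key.rsplit('\\', 1)[-1]] = m.group(1)
            continue
        m = OPENPORT_RE.match(line)
        if m and current_key and 'GloballyOpenPorts' in current_key:
            f.open_ports.append((int(m.group(1)), m.group(2), m.group(3)))
            continue
        m = TDSS_RE.search(line)
        if m:
            f.tdss_suspicious.append((m.group(1), m.group(2)))
    return f


def triage(f):
    """Return (name, detail, reasons) tuples for anything worth a closer look."""
    alerts = []
    for name, image in f.svchost_hosted.items():
        dll = f.service_dlls.get(name)
        reasons = []
        if name in f.netsvcs:
            reasons.append('registered in the netsvcs svchost group')
        if dll is None:
            reasons.append('no ServiceDll found in the log')
        elif dll.rsplit('\\', 1)[-1].lower() not in KNOWN_NETSVCS_DLLS:
            reasons.append('ServiceDll is not a known netsvcs DLL')
        if reasons:
            alerts.append((name, dll or image, reasons))
    for name in f.netsvcs:                    # group members with no service line at all
        if name not in f.svchost_hosted:
            alerts.append((name, f.service_dlls.get(name), ['in netsvcs group, no service entry']))
    for port, proto, label in f.open_ports:
        alerts.append((label, f'{port}/{proto}', ['globally open firewall port']))
    for reason, name in f.tdss_suspicious:
        alerts.append((name, None, [f'TDSSKiller could not inspect it ({reason})']))
    return alerts


if __name__ == '__main__':
    for name, detail, reasons in triage(parse_log(SAMPLE_LOG)):
        print(f'{name:12} {str(detail or "-"):40} {"; ".join(reasons)}')
```

Run against the sample it lists oukww (netsvcs member, ServiceDll vrcrs.dll), cfimslpn (named in the group with no matching service), rcntsjph (open port 6027/TCP) and druudwilx (TDSSKiller NoAccess), and stays silent on MaxSch2Svc and the camera driver. The same correlation is what to do by hand on the live box: read HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs, then for each unfamiliar name open HKLM\SYSTEM\CurrentControlSet\Services\<name> (the ServiceDll value normally sits in its Parameters subkey) and ask whether that DLL belongs to Windows. A service that a rootkit scanner cannot even open is itself the finding.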
  17. Microsoft DiskPart version 5.1.3565
      Copyright © 1999-2003 Microsoft Corporation.
      On computer: HIGHLANDER

      Volume ###  Ltr  Label        Fs     Type        Size     Status    Info
      ----------  ---  -----------  -----  ----------  -------  --------  --------
      Volume 0     D                       DVD-ROM         0 B
      Volume 1     C                NTFS   Partition    149 GB  Healthy   System
      Volume 2     E                NTFS   Partition     75 GB  Healthy   Pagefile
  18. TDSSKiller 23:02:59.0814 3764 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50 23:03:04.0064 3764 Perform update action was selected 23:03:04.0064 3396 Deinitialize success 23:05:17.0736 0652 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44 23:05:18.0049 0652 ============================================================ 23:05:18.0049 0652 Current date / time: 2011/11/27 23:05:18.0049 23:05:18.0049 0652 SystemInfo: 23:05:18.0049 0652 23:05:18.0049 0652 OS Version: 5.1.2600 ServicePack: 3.0 23:05:18.0049 0652 Product type: Workstation 23:05:18.0049 0652 ComputerName: HIGHLANDER 23:05:18.0064 0652 UserName: Sonia Evans 23:05:18.0064 0652 Windows directory: C:\WINDOWS 23:05:18.0064 0652 System windows directory: C:\WINDOWS 23:05:18.0064 0652 Processor architecture: Intel x86 23:05:18.0064 0652 Number of processors: 1 23:05:18.0064 0652 Page size: 0x1000 23:05:18.0064 0652 Boot type: Normal boot 23:05:18.0064 0652 ============================================================ 23:05:19.0205 0652 Initialize success 23:05:35.0174 1068 ============================================================ 23:05:35.0174 1068 Scan started 23:05:35.0174 1068 Mode: Manual; 23:05:35.0174 1068 ============================================================ 23:05:35.0470 1068 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys 23:05:35.0470 1068 Aavmker4 - ok 23:05:35.0502 1068 Abiosdsk - ok 23:05:35.0533 1068 abp480n5 - ok 23:05:35.0627 1068 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 23:05:35.0627 1068 ACPI - ok 23:05:35.0689 1068 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 23:05:35.0705 1068 ACPIEC - ok 23:05:35.0736 1068 adpu160m - ok 23:05:35.0799 1068 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 23:05:35.0799 1068 aec - ok 23:05:35.0845 1068 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys 23:05:35.0861 1068 AFD 
- ok 23:05:35.0892 1068 Aha154x - ok 23:05:35.0939 1068 aic78u2 - ok 23:05:35.0970 1068 aic78xx - ok 23:05:36.0033 1068 AliIde - ok 23:05:36.0111 1068 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys 23:05:36.0111 1068 AmdK7 - ok 23:05:36.0158 1068 AmdLLD - ok 23:05:36.0220 1068 amsint - ok 23:05:36.0283 1068 AnyDVD (64f24088dbb1d68ee9963f66f8eb68cf) C:\WINDOWS\system32\Drivers\AnyDVD.sys 23:05:36.0299 1068 AnyDVD - ok 23:05:36.0345 1068 asc - ok 23:05:36.0392 1068 asc3350p - ok 23:05:36.0439 1068 asc3550 - ok 23:05:36.0564 1068 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys 23:05:36.0564 1068 aswFsBlk - ok 23:05:36.0627 1068 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys 23:05:36.0627 1068 aswMon2 - ok 23:05:36.0689 1068 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys 23:05:36.0689 1068 aswRdr - ok 23:05:36.0736 1068 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys 23:05:36.0752 1068 aswSnx - ok 23:05:36.0830 1068 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys 23:05:36.0845 1068 aswSP - ok 23:05:36.0924 1068 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 23:05:36.0924 1068 AsyncMac - ok 23:05:36.0986 1068 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 23:05:36.0986 1068 atapi - ok 23:05:37.0017 1068 Atdisk - ok 23:05:37.0064 1068 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 23:05:37.0080 1068 Atmarpc - ok 23:05:37.0158 1068 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 23:05:37.0158 1068 audstub - ok 23:05:37.0236 1068 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 23:05:37.0236 1068 Beep - ok 23:05:37.0361 1068 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\Drivers\BrScnUsb.sys 
23:05:37.0361 1068 BrScnUsb - ok 23:05:37.0392 1068 BrSerIf (c121e10c64318182a6478acae1855ee0) C:\WINDOWS\system32\Drivers\BrSerIf.sys 23:05:37.0408 1068 BrSerIf - ok 23:05:37.0455 1068 BrUsbSer (7ac85cdc03befd78908b3b6a73d201d0) C:\WINDOWS\system32\Drivers\BrUsbSer.sys 23:05:37.0455 1068 BrUsbSer - ok 23:05:37.0486 1068 catchme - ok 23:05:37.0533 1068 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 23:05:37.0549 1068 cbidf2k - ok 23:05:37.0627 1068 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 23:05:37.0627 1068 CCDECODE - ok 23:05:37.0658 1068 cd20xrnt - ok 23:05:37.0736 1068 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 23:05:37.0736 1068 Cdaudio - ok 23:05:37.0783 1068 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 23:05:37.0799 1068 Cdfs - ok 23:05:37.0845 1068 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 23:05:37.0845 1068 Cdrom - ok 23:05:37.0892 1068 Changer - ok 23:05:37.0986 1068 CmdIde - ok 23:05:38.0080 1068 cmuda (d9b11a34a4efbd4e12b719c89f09bef3) C:\WINDOWS\system32\drivers\cmuda.sys 23:05:38.0111 1068 cmuda - ok 23:05:38.0205 1068 Cpqarray - ok 23:05:38.0252 1068 dac2w2k - ok 23:05:38.0299 1068 dac960nt - ok 23:05:38.0377 1068 DCamUSBNW802 (34a8699292b57abbbf2ace00b87f9d2d) C:\WINDOWS\system32\DRIVERS\pcam.sys 23:05:38.0377 1068 DCamUSBNW802 - ok 23:05:38.0502 1068 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 23:05:38.0502 1068 Disk - ok 23:05:38.0595 1068 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 23:05:38.0627 1068 dmboot - ok 23:05:38.0674 1068 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 23:05:38.0674 1068 dmio - ok 23:05:38.0705 1068 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 23:05:38.0705 1068 dmload - ok 23:05:38.0767 1068 DMusic 
(8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 23:05:38.0767 1068 DMusic - ok 23:05:38.0830 1068 dpti2o - ok 23:05:38.0877 1068 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 23:05:38.0877 1068 drmkaud - ok 23:05:38.0892 1068 Suspicious service (NoAccess): druudwilx 23:05:38.0986 1068 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys 23:05:39.0002 1068 ElbyCDIO - ok 23:05:39.0095 1068 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 23:05:39.0095 1068 Fastfat - ok 23:05:39.0174 1068 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 23:05:39.0174 1068 Fdc - ok 23:05:39.0236 1068 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys 23:05:39.0236 1068 FETNDIS - ok 23:05:39.0299 1068 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 23:05:39.0299 1068 Fips - ok 23:05:39.0345 1068 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 23:05:39.0345 1068 Flpydisk - ok 23:05:39.0424 1068 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 23:05:39.0439 1068 FltMgr - ok 23:05:39.0502 1068 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 23:05:39.0517 1068 Fs_Rec - ok 23:05:39.0564 1068 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 23:05:39.0564 1068 Ftdisk - ok 23:05:39.0627 1068 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys 23:05:39.0627 1068 gameenum - ok 23:05:39.0720 1068 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 23:05:39.0720 1068 Gpc - ok 23:05:39.0799 1068 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 23:05:39.0799 1068 HidUsb - ok 23:05:39.0845 1068 hpn - ok 23:05:39.0939 1068 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) 
C:\WINDOWS\system32\Drivers\HTTP.sys 23:05:39.0955 1068 HTTP - ok 23:05:40.0002 1068 i2omgmt - ok 23:05:40.0049 1068 i2omp - ok 23:05:40.0111 1068 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 23:05:40.0111 1068 i8042prt - ok 23:05:40.0189 1068 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 23:05:40.0189 1068 Imapi - ok 23:05:40.0267 1068 ini910u - ok 23:05:40.0330 1068 IntelIde - ok 23:05:40.0377 1068 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 23:05:40.0377 1068 ip6fw - ok 23:05:40.0455 1068 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 23:05:40.0455 1068 IpFilterDriver - ok 23:05:40.0502 1068 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 23:05:40.0517 1068 IpInIp - ok 23:05:40.0549 1068 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 23:05:40.0580 1068 IpNat - ok 23:05:40.0627 1068 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 23:05:40.0627 1068 IPSec - ok 23:05:40.0689 1068 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 23:05:40.0689 1068 IRENUM - ok 23:05:40.0736 1068 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 23:05:40.0736 1068 isapnp - ok 23:05:40.0814 1068 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\WINDOWS\system32\drivers\iviaspi.sys 23:05:40.0814 1068 Iviaspi - ok 23:05:40.0861 1068 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 23:05:40.0861 1068 Kbdclass - ok 23:05:40.0924 1068 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 23:05:40.0939 1068 kmixer - ok 23:05:40.0986 1068 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys 23:05:41.0002 1068 KSecDD - ok 23:05:41.0064 1068 lbrtfdc - ok 23:05:41.0174 1068 MBAMSwissArmy - ok 
23:05:41.0283 1068 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 23:05:41.0283 1068 mnmdd - ok 23:05:41.0345 1068 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 23:05:41.0345 1068 Modem - ok 23:05:41.0392 1068 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 23:05:41.0392 1068 Mouclass - ok 23:05:41.0470 1068 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 23:05:41.0470 1068 mouhid - ok 23:05:41.0517 1068 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 23:05:41.0517 1068 MountMgr - ok 23:05:41.0564 1068 mraid35x - ok 23:05:41.0689 1068 MREMP50 (80b2ec735495823ae5771a5f603e73bd) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS 23:05:41.0689 1068 MREMP50 - ok 23:05:41.0720 1068 MREMP50a64 - ok 23:05:41.0767 1068 MRESP50 (37d7c22f7e26da90e2d2d260e5d27846) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS 23:05:41.0767 1068 MRESP50 - ok 23:05:41.0783 1068 MRESP50a64 - ok 23:05:41.0830 1068 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 23:05:41.0861 1068 MRxDAV - ok 23:05:41.0924 1068 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 23:05:41.0939 1068 MRxSmb - ok 23:05:42.0033 1068 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 23:05:42.0049 1068 Msfs - ok 23:05:42.0111 1068 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 23:05:42.0111 1068 MSKSSRV - ok 23:05:42.0142 1068 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 23:05:42.0142 1068 MSPCLOCK - ok 23:05:42.0220 1068 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 23:05:42.0220 1068 MSPQM - ok 23:05:42.0299 1068 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 23:05:42.0299 1068 mssmbios - ok 23:05:42.0345 1068 MSTEE 
(e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 23:05:42.0345 1068 MSTEE - ok 23:05:42.0408 1068 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 23:05:42.0408 1068 Mup - ok 23:05:42.0455 1068 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 23:05:42.0486 1068 NABTSFEC - ok 23:05:42.0549 1068 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 23:05:42.0564 1068 NDIS - ok 23:05:42.0611 1068 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 23:05:42.0611 1068 NdisIP - ok 23:05:42.0658 1068 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 23:05:42.0658 1068 NdisTapi - ok 23:05:42.0705 1068 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 23:05:42.0705 1068 Ndisuio - ok 23:05:42.0783 1068 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 23:05:42.0783 1068 NdisWan - ok 23:05:42.0845 1068 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 23:05:42.0845 1068 NDProxy - ok 23:05:42.0877 1068 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 23:05:42.0892 1068 NetBIOS - ok 23:05:42.0939 1068 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 23:05:42.0955 1068 NetBT - ok 23:05:43.0080 1068 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 23:05:43.0080 1068 Npfs - ok 23:05:43.0158 1068 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 23:05:43.0174 1068 Ntfs - ok 23:05:43.0283 1068 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 23:05:43.0283 1068 Null - ok 23:05:43.0345 1068 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 23:05:43.0345 1068 NwlnkFlt - ok 23:05:43.0392 1068 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) 
C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 23:05:43.0392 1068 NwlnkFwd - ok 23:05:43.0439 1068 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 23:05:43.0455 1068 Parport - ok 23:05:43.0517 1068 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 23:05:43.0517 1068 PartMgr - ok 23:05:43.0580 1068 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 23:05:43.0580 1068 ParVdm - ok 23:05:43.0642 1068 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 23:05:43.0642 1068 PCI - ok 23:05:43.0674 1068 PCIDump - ok 23:05:43.0705 1068 PCIIde - ok 23:05:43.0767 1068 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 23:05:43.0767 1068 Pcmcia - ok 23:05:43.0799 1068 PDCOMP - ok 23:05:43.0845 1068 PDFRAME - ok 23:05:43.0892 1068 PDRELI - ok 23:05:43.0939 1068 PDRFRAME - ok 23:05:43.0970 1068 perc2 - ok 23:05:44.0033 1068 perc2hib - ok 23:05:44.0174 1068 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 23:05:44.0189 1068 PptpMiniport - ok 23:05:44.0236 1068 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 23:05:44.0236 1068 Processor - ok 23:05:44.0299 1068 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 23:05:44.0299 1068 PSched - ok 23:05:44.0361 1068 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 23:05:44.0361 1068 Ptilink - ok 23:05:44.0439 1068 PxHelp20 (b572ed0c3e6165643fa116af20425a54) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys 23:05:44.0439 1068 PxHelp20 - ok 23:05:44.0470 1068 ql1080 - ok 23:05:44.0517 1068 Ql10wnt - ok 23:05:44.0533 1068 ql12160 - ok 23:05:44.0564 1068 ql1240 - ok 23:05:44.0611 1068 ql1280 - ok 23:05:44.0674 1068 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 23:05:44.0674 1068 RasAcd - ok 23:05:44.0752 1068 Rasl2tp 
(11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 23:05:44.0783 1068 Rasl2tp - ok 23:05:44.0830 1068 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 23:05:44.0830 1068 RasPppoe - ok 23:05:44.0861 1068 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 23:05:44.0861 1068 Raspti - ok 23:05:44.0908 1068 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 23:05:44.0924 1068 Rdbss - ok 23:05:44.0970 1068 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 23:05:44.0970 1068 RDPCDD - ok 23:05:45.0049 1068 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 23:05:45.0049 1068 rdpdr - ok 23:05:45.0127 1068 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 23:05:45.0142 1068 RDPWD - ok 23:05:45.0205 1068 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 23:05:45.0205 1068 redbook - ok 23:05:45.0361 1068 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 23:05:45.0361 1068 RTL8023xp - ok 23:05:45.0424 1068 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 23:05:45.0424 1068 rtl8139 - ok 23:05:45.0502 1068 rtl8185 (88b63f291ae10c1b66d2b9ed6921a7df) C:\WINDOWS\system32\DRIVERS\rtl8185.sys 23:05:45.0502 1068 rtl8185 - ok 23:05:45.0627 1068 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 23:05:45.0627 1068 Secdrv - ok 23:05:45.0689 1068 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 23:05:45.0689 1068 serenum - ok 23:05:45.0736 1068 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 23:05:45.0736 1068 Serial - ok 23:05:45.0799 1068 sermouse (1f16931c722c69e4a7866244796c66a0) C:\WINDOWS\system32\DRIVERS\sermouse.sys 23:05:45.0799 1068 sermouse - ok 23:05:45.0877 1068 Sfloppy 
(8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 23:05:45.0877 1068 Sfloppy - ok 23:05:45.0939 1068 Simbad - ok 23:05:45.0986 1068 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 23:05:45.0986 1068 SLIP - ok 23:05:46.0033 1068 Sparrow - ok 23:05:46.0080 1068 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 23:05:46.0080 1068 splitter - ok 23:05:46.0127 1068 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 23:05:46.0142 1068 sr - ok 23:05:46.0205 1068 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys 23:05:46.0220 1068 Srv - ok 23:05:46.0299 1068 SSKBFD (2b38da14e1bad3e4227cfcfaeb505239) C:\WINDOWS\system32\Drivers\sskbfd.sys 23:05:46.0314 1068 SSKBFD - ok 23:05:46.0377 1068 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys 23:05:46.0392 1068 StillCam - ok 23:05:46.0455 1068 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 23:05:46.0455 1068 streamip - ok 23:05:46.0502 1068 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 23:05:46.0517 1068 swenum - ok 23:05:46.0549 1068 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 23:05:46.0549 1068 swmidi - ok 23:05:46.0595 1068 symc810 - ok 23:05:46.0642 1068 symc8xx - ok 23:05:46.0689 1068 sym_hi - ok 23:05:46.0736 1068 sym_u3 - ok 23:05:46.0783 1068 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 23:05:46.0783 1068 sysaudio - ok 23:05:46.0892 1068 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys 23:05:46.0908 1068 Tcpip - ok 23:05:46.0970 1068 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 23:05:46.0970 1068 TDPIPE - ok 23:05:47.0017 1068 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 23:05:47.0017 1068 TDTCP - ok 
23:05:47.0080 1068 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 23:05:47.0095 1068 TermDD - ok 23:05:47.0205 1068 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys 23:05:47.0205 1068 tifsfilter - ok 23:05:47.0299 1068 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys 23:05:47.0314 1068 timounter - ok 23:05:47.0361 1068 TosIde - ok 23:05:47.0455 1068 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys 23:05:47.0455 1068 uagp35 - ok 23:05:47.0486 1068 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 23:05:47.0486 1068 Udfs - ok 23:05:47.0517 1068 ultra - ok 23:05:47.0595 1068 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 23:05:47.0611 1068 Update - ok 23:05:47.0689 1068 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 23:05:47.0689 1068 usbccgp - ok 23:05:47.0720 1068 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 23:05:47.0720 1068 usbehci - ok 23:05:47.0752 1068 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 23:05:47.0767 1068 usbhub - ok 23:05:47.0814 1068 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 23:05:47.0814 1068 usbprint - ok 23:05:47.0892 1068 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 23:05:47.0892 1068 usbscan - ok 23:05:47.0970 1068 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 23:05:47.0986 1068 USBSTOR - ok 23:05:48.0033 1068 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 23:05:48.0033 1068 usbuhci - ok 23:05:48.0080 1068 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 23:05:48.0080 1068 VgaSave - ok 23:05:48.0174 1068 viagfx (3bcc43e2225851e0aef2a8c27ce420ea) 
C:\WINDOWS\system32\DRIVERS\vtmini.sys 23:05:48.0189 1068 viagfx - ok 23:05:48.0236 1068 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 23:05:48.0236 1068 ViaIde - ok 23:05:48.0283 1068 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 23:05:48.0299 1068 VolSnap - ok 23:05:48.0408 1068 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 23:05:48.0424 1068 Wanarp - ok 23:05:48.0455 1068 WDICA - ok 23:05:48.0517 1068 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 23:05:48.0517 1068 wdmaud - ok 23:05:48.0767 1068 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 23:05:48.0767 1068 WSTCODEC - ok 23:05:48.0924 1068 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 23:05:49.0049 1068 \Device\Harddisk0\DR0 - ok 23:05:49.0095 1068 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1 23:05:49.0220 1068 \Device\Harddisk1\DR1 - ok 23:05:49.0252 1068 Boot (0x1200) (65d618203286eca004a097f30dcfa923) \Device\Harddisk0\DR0\Partition0 23:05:49.0252 1068 \Device\Harddisk0\DR0\Partition0 - ok 23:05:49.0299 1068 Boot (0x1200) (b69aee1c213a7e7fe1e9d3f1721eb166) \Device\Harddisk1\DR1\Partition0 23:05:49.0299 1068 \Device\Harddisk1\DR1\Partition0 - ok 23:05:49.0314 1068 ============================================================ 23:05:49.0314 1068 Scan finished 23:05:49.0314 1068 ============================================================ 23:05:49.0361 0180 Detected object count: 0 23:05:49.0361 0180 Actual detected object count: 0 23:06:15.0705 2992 ============================================================ 23:06:15.0705 2992 Scan started 23:06:15.0705 2992 Mode: Manual; SigCheck; TDLFS; 23:06:15.0705 2992 ============================================================ 23:06:15.0924 2992 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys 23:06:16.0080 
2992 Aavmker4 - ok 23:06:16.0142 2992 Abiosdsk - ok 23:06:16.0189 2992 abp480n5 - ok 23:06:16.0252 2992 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 23:06:23.0127 2992 ACPI - ok 23:06:23.0220 2992 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 23:06:23.0455 2992 ACPIEC - ok 23:06:23.0517 2992 adpu160m - ok 23:06:23.0595 2992 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 23:06:23.0767 2992 aec - ok 23:06:23.0814 2992 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys 23:06:24.0002 2992 AFD - ok 23:06:24.0033 2992 Aha154x - ok 23:06:24.0095 2992 aic78u2 - ok 23:06:24.0142 2992 aic78xx - ok 23:06:24.0220 2992 AliIde - ok 23:06:24.0283 2992 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys 23:06:24.0455 2992 AmdK7 - ok 23:06:24.0486 2992 AmdLLD - ok 23:06:24.0533 2992 amsint - ok 23:06:24.0611 2992 AnyDVD (64f24088dbb1d68ee9963f66f8eb68cf) C:\WINDOWS\system32\Drivers\AnyDVD.sys 23:06:24.0627 2992 AnyDVD - ok 23:06:24.0674 2992 asc - ok 23:06:24.0720 2992 asc3350p - ok 23:06:24.0767 2992 asc3550 - ok 23:06:24.0892 2992 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys 23:06:24.0908 2992 aswFsBlk - ok 23:06:24.0939 2992 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys 23:06:24.0970 2992 aswMon2 - ok 23:06:25.0017 2992 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys 23:06:25.0017 2992 aswRdr - ok 23:06:25.0095 2992 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys 23:06:25.0142 2992 aswSnx - ok 23:06:25.0205 2992 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys 23:06:25.0220 2992 aswSP - ok 23:06:25.0299 2992 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 23:06:25.0470 2992 AsyncMac - ok 23:06:25.0517 2992 atapi 
(9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 23:06:25.0689 2992 atapi - ok 23:06:25.0736 2992 Atdisk - ok 23:06:25.0799 2992 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 23:06:25.0970 2992 Atmarpc - ok 23:06:26.0033 2992 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 23:06:26.0252 2992 audstub - ok 23:06:26.0330 2992 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 23:06:26.0564 2992 Beep - ok 23:06:26.0658 2992 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\Drivers\BrScnUsb.sys 23:06:26.0705 2992 BrScnUsb - ok 23:06:26.0752 2992 BrSerIf (c121e10c64318182a6478acae1855ee0) C:\WINDOWS\system32\Drivers\BrSerIf.sys 23:06:26.0767 2992 BrSerIf - ok 23:06:26.0799 2992 BrUsbSer (7ac85cdc03befd78908b3b6a73d201d0) C:\WINDOWS\system32\Drivers\BrUsbSer.sys 23:06:26.0830 2992 BrUsbSer - ok 23:06:26.0845 2992 catchme - ok 23:06:26.0908 2992 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 23:06:27.0142 2992 cbidf2k - ok 23:06:27.0220 2992 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 23:06:27.0361 2992 CCDECODE - ok 23:06:27.0408 2992 cd20xrnt - ok 23:06:27.0486 2992 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 23:06:27.0720 2992 Cdaudio - ok 23:06:27.0783 2992 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 23:06:27.0939 2992 Cdfs - ok 23:06:27.0986 2992 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 23:06:28.0158 2992 Cdrom - ok 23:06:28.0205 2992 Changer - ok 23:06:28.0299 2992 CmdIde - ok 23:06:28.0377 2992 cmuda (d9b11a34a4efbd4e12b719c89f09bef3) C:\WINDOWS\system32\drivers\cmuda.sys 23:06:28.0470 2992 cmuda - ok 23:06:28.0549 2992 Cpqarray - ok 23:06:28.0595 2992 dac2w2k - ok 23:06:28.0627 2992 dac960nt - ok 23:06:28.0720 2992 DCamUSBNW802 
(34a8699292b57abbbf2ace00b87f9d2d) C:\WINDOWS\system32\DRIVERS\pcam.sys 23:06:28.0736 2992 DCamUSBNW802 ( UnsignedFile.Multi.Generic ) - warning 23:06:28.0736 2992 DCamUSBNW802 - detected UnsignedFile.Multi.Generic (1) 23:06:28.0845 2992 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 23:06:29.0017 2992 Disk - ok 23:06:29.0127 2992 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 23:06:29.0345 2992 dmboot - ok 23:06:29.0408 2992 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 23:06:29.0580 2992 dmio - ok 23:06:29.0611 2992 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 23:06:29.0861 2992 dmload - ok 23:06:29.0908 2992 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 23:06:30.0064 2992 DMusic - ok 23:06:30.0111 2992 dpti2o - ok 23:06:30.0158 2992 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 23:06:30.0330 2992 drmkaud - ok 23:06:30.0330 2992 Suspicious service (NoAccess): druudwilx 23:06:30.0424 2992 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys 23:06:30.0424 2992 ElbyCDIO - ok 23:06:30.0517 2992 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 23:06:30.0674 2992 Fastfat - ok 23:06:30.0736 2992 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 23:06:30.0908 2992 Fdc - ok 23:06:30.0986 2992 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys 23:06:31.0236 2992 FETNDIS - ok 23:06:31.0299 2992 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 23:06:31.0439 2992 Fips - ok 23:06:31.0502 2992 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 23:06:31.0658 2992 Flpydisk - ok 23:06:31.0720 2992 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 23:06:31.0892 2992 
FltMgr - ok 23:06:31.0955 2992 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 23:06:32.0205 2992 Fs_Rec - ok 23:06:32.0252 2992 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 23:06:32.0486 2992 Ftdisk - ok 23:06:32.0564 2992 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys 23:06:32.0705 2992 gameenum - ok 23:06:32.0767 2992 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 23:06:32.0924 2992 Gpc - ok 23:06:33.0002 2992 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 23:06:33.0142 2992 HidUsb - ok 23:06:33.0174 2992 hpn - ok 23:06:33.0283 2992 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys 23:06:33.0439 2992 HTTP - ok 23:06:33.0502 2992 i2omgmt - ok 23:06:33.0549 2992 i2omp - ok 23:06:33.0627 2992 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 23:06:33.0767 2992 i8042prt - ok 23:06:33.0830 2992 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 23:06:33.0986 2992 Imapi - ok 23:06:34.0033 2992 ini910u - ok 23:06:34.0080 2992 IntelIde - ok 23:06:34.0142 2992 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 23:06:34.0283 2992 ip6fw - ok 23:06:34.0361 2992 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 23:06:34.0611 2992 IpFilterDriver - ok 23:06:34.0674 2992 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 23:06:34.0814 2992 IpInIp - ok 23:06:34.0877 2992 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 23:06:35.0033 2992 IpNat - ok 23:06:35.0080 2992 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 23:06:35.0236 2992 IPSec - ok 23:06:35.0299 2992 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 23:06:35.0455 2992 
IRENUM - ok 23:06:35.0517 2992 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 23:06:35.0689 2992 isapnp - ok 23:06:35.0752 2992 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\WINDOWS\system32\drivers\iviaspi.sys 23:06:35.0767 2992 Iviaspi ( UnsignedFile.Multi.Generic ) - warning 23:06:35.0767 2992 Iviaspi - detected UnsignedFile.Multi.Generic (1) 23:06:35.0830 2992 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 23:06:35.0986 2992 Kbdclass - ok 23:06:36.0033 2992 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 23:06:36.0205 2992 kmixer - ok 23:06:36.0283 2992 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys 23:06:36.0455 2992 KSecDD - ok 23:06:36.0502 2992 lbrtfdc - ok 23:06:36.0611 2992 MBAMSwissArmy - ok 23:06:36.0705 2992 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 23:06:36.0908 2992 mnmdd - ok 23:06:36.0955 2992 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 23:06:37.0111 2992 Modem - ok 23:06:37.0158 2992 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 23:06:37.0330 2992 Mouclass - ok 23:06:37.0392 2992 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 23:06:37.0611 2992 mouhid - ok 23:06:37.0658 2992 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 23:06:37.0814 2992 MountMgr - ok 23:06:37.0845 2992 mraid35x - ok 23:06:37.0986 2992 MREMP50 (80b2ec735495823ae5771a5f603e73bd) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS 23:06:38.0002 2992 MREMP50 ( UnsignedFile.Multi.Generic ) - warning 23:06:38.0002 2992 MREMP50 - detected UnsignedFile.Multi.Generic (1) 23:06:38.0017 2992 MREMP50a64 - ok 23:06:38.0064 2992 MRESP50 (37d7c22f7e26da90e2d2d260e5d27846) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS 23:06:38.0080 2992 MRESP50 ( UnsignedFile.Multi.Generic ) - warning 
23:06:38.0080 2992 MRESP50 - detected UnsignedFile.Multi.Generic (1) 23:06:38.0127 2992 MRESP50a64 - ok 23:06:38.0189 2992 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 23:06:38.0345 2992 MRxDAV - ok 23:06:38.0408 2992 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 23:06:38.0580 2992 MRxSmb - ok 23:06:38.0658 2992 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 23:06:38.0814 2992 Msfs - ok 23:06:38.0877 2992 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 23:06:39.0049 2992 MSKSSRV - ok 23:06:39.0095 2992 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 23:06:39.0267 2992 MSPCLOCK - ok 23:06:39.0314 2992 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 23:06:39.0486 2992 MSPQM - ok 23:06:39.0549 2992 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 23:06:39.0689 2992 mssmbios - ok 23:06:39.0736 2992 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 23:06:39.0877 2992 MSTEE - ok 23:06:39.0924 2992 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 23:06:40.0080 2992 Mup - ok 23:06:40.0127 2992 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 23:06:40.0283 2992 NABTSFEC - ok 23:06:40.0345 2992 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 23:06:40.0517 2992 NDIS - ok 23:06:40.0580 2992 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 23:06:40.0736 2992 NdisIP - ok 23:06:40.0814 2992 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 23:06:40.0955 2992 NdisTapi - ok 23:06:41.0017 2992 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 23:06:41.0174 2992 Ndisuio - ok 23:06:41.0220 2992 NdisWan 
(edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 23:06:41.0392 2992 NdisWan - ok 23:06:41.0455 2992 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 23:06:41.0611 2992 NDProxy - ok 23:06:41.0674 2992 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 23:06:41.0830 2992 NetBIOS - ok 23:06:41.0861 2992 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 23:06:42.0033 2992 NetBT - ok 23:06:42.0158 2992 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 23:06:42.0314 2992 Npfs - ok 23:06:42.0377 2992 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 23:06:42.0564 2992 Ntfs - ok 23:06:42.0658 2992 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 23:06:42.0877 2992 Null - ok 23:06:42.0939 2992 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 23:06:43.0158 2992 NwlnkFlt - ok 23:06:43.0174 2992 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 23:06:43.0424 2992 NwlnkFwd - ok 23:06:43.0470 2992 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 23:06:43.0611 2992 Parport - ok 23:06:43.0658 2992 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 23:06:43.0799 2992 PartMgr - ok 23:06:43.0861 2992 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 23:06:44.0095 2992 ParVdm - ok 23:06:44.0158 2992 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 23:06:44.0314 2992 PCI - ok 23:06:44.0345 2992 PCIDump - ok 23:06:44.0392 2992 PCIIde - ok 23:06:44.0455 2992 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 23:06:44.0627 2992 Pcmcia - ok 23:06:44.0658 2992 PDCOMP - ok 23:06:44.0705 2992 PDFRAME - ok 23:06:44.0752 2992 PDRELI - ok 23:06:44.0799 2992 PDRFRAME - ok 
23:06:44.0845 2992 perc2 - ok 23:06:44.0892 2992 perc2hib - ok 23:06:45.0033 2992 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 23:06:45.0205 2992 PptpMiniport - ok 23:06:45.0252 2992 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 23:06:45.0424 2992 Processor - ok 23:06:45.0502 2992 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 23:06:45.0642 2992 PSched - ok 23:06:45.0689 2992 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 23:06:45.0924 2992 Ptilink - ok 23:06:45.0986 2992 PxHelp20 (b572ed0c3e6165643fa116af20425a54) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys 23:06:46.0017 2992 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning 23:06:46.0017 2992 PxHelp20 - detected UnsignedFile.Multi.Generic (1) 23:06:46.0033 2992 ql1080 - ok 23:06:46.0080 2992 Ql10wnt - ok 23:06:46.0142 2992 ql12160 - ok 23:06:46.0174 2992 ql1240 - ok 23:06:46.0220 2992 ql1280 - ok 23:06:46.0283 2992 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 23:06:46.0502 2992 RasAcd - ok 23:06:46.0564 2992 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 23:06:46.0720 2992 Rasl2tp - ok 23:06:46.0767 2992 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 23:06:46.0924 2992 RasPppoe - ok 23:06:46.0986 2992 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 23:06:47.0220 2992 Raspti - ok 23:06:47.0267 2992 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 23:06:47.0439 2992 Rdbss - ok 23:06:47.0486 2992 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 23:06:47.0705 2992 RDPCDD - ok 23:06:47.0767 2992 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 23:06:47.0924 2992 rdpdr - ok 23:06:48.0017 2992 RDPWD (6728e45b66f93c08f11de2e316fc70dd) 
C:\WINDOWS\system32\drivers\RDPWD.sys 23:06:48.0174 2992 RDPWD - ok 23:06:48.0236 2992 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 23:06:48.0392 2992 redbook - ok 23:06:48.0517 2992 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 23:06:48.0627 2992 RTL8023xp - ok 23:06:48.0674 2992 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 23:06:48.0799 2992 rtl8139 - ok 23:06:48.0877 2992 rtl8185 (88b63f291ae10c1b66d2b9ed6921a7df) C:\WINDOWS\system32\DRIVERS\rtl8185.sys 23:06:48.0892 2992 rtl8185 ( UnsignedFile.Multi.Generic ) - warning 23:06:48.0892 2992 rtl8185 - detected UnsignedFile.Multi.Generic (1) 23:06:49.0002 2992 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 23:06:49.0158 2992 Secdrv - ok 23:06:49.0236 2992 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 23:06:49.0392 2992 serenum - ok 23:06:49.0455 2992 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 23:06:49.0595 2992 Serial - ok 23:06:49.0658 2992 sermouse (1f16931c722c69e4a7866244796c66a0) C:\WINDOWS\system32\DRIVERS\sermouse.sys 23:06:49.0845 2992 sermouse - ok 23:06:49.0924 2992 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 23:06:50.0064 2992 Sfloppy - ok 23:06:50.0127 2992 Simbad - ok 23:06:50.0174 2992 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 23:06:50.0314 2992 SLIP - ok 23:06:50.0361 2992 Sparrow - ok 23:06:50.0439 2992 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 23:06:50.0580 2992 splitter - ok 23:06:50.0642 2992 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 23:06:50.0783 2992 sr - ok 23:06:50.0877 2992 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys 23:06:51.0033 2992 Srv - ok 23:06:51.0111 2992 SSKBFD 
(2b38da14e1bad3e4227cfcfaeb505239) C:\WINDOWS\system32\Drivers\sskbfd.sys 23:06:51.0127 2992 SSKBFD ( UnsignedFile.Multi.Generic ) - warning 23:06:51.0127 2992 SSKBFD - detected UnsignedFile.Multi.Generic (1) 23:06:51.0205 2992 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys 23:06:51.0439 2992 StillCam - ok 23:06:51.0486 2992 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 23:06:51.0611 2992 streamip - ok 23:06:51.0674 2992 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 23:06:51.0814 2992 swenum - ok 23:06:51.0861 2992 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 23:06:52.0017 2992 swmidi - ok 23:06:52.0080 2992 symc810 - ok 23:06:52.0127 2992 symc8xx - ok 23:06:52.0174 2992 sym_hi - ok 23:06:52.0205 2992 sym_u3 - ok 23:06:52.0283 2992 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 23:06:52.0439 2992 sysaudio - ok 23:06:52.0517 2992 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys 23:06:52.0705 2992 Tcpip - ok 23:06:52.0752 2992 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 23:06:52.0892 2992 TDPIPE - ok 23:06:52.0955 2992 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 23:06:53.0111 2992 TDTCP - ok 23:06:53.0158 2992 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 23:06:53.0314 2992 TermDD - ok 23:06:53.0392 2992 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys 23:06:53.0392 2992 tifsfilter - ok 23:06:53.0486 2992 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys 23:06:53.0517 2992 timounter - ok 23:06:53.0549 2992 TosIde - ok 23:06:53.0674 2992 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys 23:06:53.0830 2992 uagp35 - ok 23:06:53.0892 2992 Udfs 
(5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 23:06:54.0049 2992 Udfs - ok 23:06:54.0095 2992 ultra - ok 23:06:54.0189 2992 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 23:06:54.0361 2992 Update - ok 23:06:54.0439 2992 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 23:06:54.0595 2992 usbccgp - ok 23:06:54.0658 2992 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 23:06:54.0830 2992 usbehci - ok 23:06:54.0861 2992 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 23:06:55.0033 2992 usbhub - ok 23:06:55.0080 2992 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 23:06:55.0220 2992 usbprint - ok 23:06:55.0283 2992 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 23:06:55.0424 2992 usbscan - ok 23:06:55.0502 2992 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 23:06:55.0642 2992 USBSTOR - ok 23:06:55.0736 2992 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 23:06:55.0892 2992 usbuhci - ok 23:06:55.0939 2992 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 23:06:56.0080 2992 VgaSave - ok 23:06:56.0158 2992 viagfx (3bcc43e2225851e0aef2a8c27ce420ea) C:\WINDOWS\system32\DRIVERS\vtmini.sys 23:06:56.0205 2992 viagfx - ok 23:06:56.0252 2992 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 23:06:56.0408 2992 ViaIde - ok 23:06:56.0470 2992 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 23:06:56.0627 2992 VolSnap - ok 23:06:56.0752 2992 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 23:06:56.0908 2992 Wanarp - ok 23:06:56.0939 2992 WDICA - ok 23:06:57.0002 2992 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 
23:06:57.0158 2992 wdmaud - ok 23:06:57.0361 2992 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 23:06:57.0502 2992 WSTCODEC - ok 23:06:57.0627 2992 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 23:06:57.0814 2992 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 23:06:57.0814 2992 \Device\Harddisk0\DR0 - detected TDSS File System (1) 23:06:57.0861 2992 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1 23:06:58.0080 2992 \Device\Harddisk1\DR1 - ok 23:06:58.0111 2992 Boot (0x1200) (65d618203286eca004a097f30dcfa923) \Device\Harddisk0\DR0\Partition0 23:06:58.0111 2992 \Device\Harddisk0\DR0\Partition0 - ok 23:06:58.0142 2992 Boot (0x1200) (b69aee1c213a7e7fe1e9d3f1721eb166) \Device\Harddisk1\DR1\Partition0 23:06:58.0142 2992 \Device\Harddisk1\DR1\Partition0 - ok 23:06:58.0158 2992 ============================================================ 23:06:58.0158 2992 Scan finished 23:06:58.0158 2992 ============================================================ 23:06:58.0314 1692 Detected object count: 8 23:06:58.0314 1692 Actual detected object count: 8 23:07:38.0799 1692 C:\WINDOWS\system32\DRIVERS\pcam.sys - copied to quarantine 23:07:38.0799 1692 DCamUSBNW802 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 23:07:38.0877 1692 C:\WINDOWS\system32\drivers\iviaspi.sys - copied to quarantine 23:07:38.0892 1692 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 23:07:39.0017 1692 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS - copied to quarantine 23:07:39.0017 1692 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 23:07:39.0111 1692 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS - copied to quarantine 23:07:39.0111 1692 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 23:07:39.0174 1692 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys - copied to quarantine 23:07:39.0174 1692 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: 
Quarantine 23:07:39.0283 1692 C:\WINDOWS\system32\DRIVERS\rtl8185.sys - copied to quarantine 23:07:39.0283 1692 rtl8185 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 23:07:39.0345 1692 C:\WINDOWS\system32\Drivers\sskbfd.sys - copied to quarantine 23:07:39.0345 1692 SSKBFD ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 23:07:39.0392 1692 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine 23:07:39.0408 1692 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine 23:07:39.0470 1692 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 23:07:39.0486 1692 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine 23:07:39.0486 1692 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine 23:07:39.0486 1692 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine 23:07:39.0502 1692 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine 23:07:39.0502 1692 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine 23:08:20.0830 0140 Deinitialize success
  19. LDTate, here are the current logs after running things last night.
  20. Yes, I do... I am at work already and it is my home computer, but this morning it had another svchost error and locked up the computer. I will repeat the above processes and post a log. Thanks
  21. LDTate, I did a DNS flush and disconnected the router from my computer. Unplugged the router from the wall and power. I also decided, after getting that AT&T message, to try AVAST antivirus instead of MS antivirus this time.... WOW!!!!!!!!!! MS antivirus found NOTHING. AVAST found rootkit, spyware, trojan, dnschange and who knows what else. I ran all of this with the computer disconnected from the internet and router. So am I running that twice and probably just going to do everything again to get back to this point. I will finish with this after the holidays. It was really amazing to me, the difference between MS antivirus and AVAST. I would not recommend MS antivirus to anyone!!!
  22. THIS was from AT&T today!!!

      -----Original Message-----
      From: Bellsouth Internet Services Security Center [mailto:abuse@att.net]
      Sent: 11/21/2011 3:17 PM
      To: soniabevans@ymail.com; speedqueen@bellsouth.net
      Subject: Warning! Your Bellsouth Member ID is: speedqueen@bellsouth.net IP: 74.184.171.119 (issue 8106)

      ***********************************************************
      For the fastest response, please ensure that you retain the subject line, and direct all replies to this warning letter to abuse@att.net.
      ***********************************************************

      IMPORTANT COMPUTER SAFETY NOTICE from AT&T Internet Services Security Center - "Conficker Traffic Detected"

      Sonia Brown,

      Our investigation shows the following IP was assigned to your log-on session at the indicated time and was being used to provide DNS services to a zombie computer network, also known as a Botnet.

      At Wed, 16 Nov 2011 10:26:29 +0000, your IP address was: 74.184.171.119
      Type of infection (if known): downadup
      Source Port: 2504
      Destination IP: 149.20.56.33

      Botnets are networks of compromised computers under the control of a hacker or group of hackers. Botnets are often used to conduct various attacks ranging from denial of service attacks on websites, to spamming, click fraud, and distribution of malicious software. Based on our data we believe the specific malware you are infected with is known as "Conficker". We recommend you check your computer(s) with the following link: http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

      To address this problem we ask that you immediately take the following steps to secure your network:

      1. If your computer(s) are managed by an Information Technology (IT) group at your place of work, then contact them immediately.
      2. AT&T offers a free online scan tool PC Health Check that will scan for virus/spyware activity. https://pccheck.att.com/index.aspx?RID=AG
      3. If your computer(s) are personally owned, then update the security software on your system (follow the instructions on your vendor's website). You might also consider installing new security software such as AT&T Security Suite. http://www.att.net/iss (You must be logged in with the Master Account ID to download AT&T Security Suite).
      4. If you are an advanced user, then consider reimaging your computer(s) and installing the necessary software patches. For less advanced users, this can be done by a third party such as AT&T Connect Tech. https://remotesupport.att.com/index.aspx AT&T Computer consultants trained to clean infected machines might also be located in your area (you can search at yp.com).
      5. In all cases, please respond by forwarding this email to: abuse@att.net with an acknowledgement of: "I am taking steps to address this infection." When we receive such an acknowledgment, we can maintain the high quality of service you expect from us. We welcome feedback on what removal tools or method were used.

      Although the activity is likely unintentional, it is still in violation of AT&T's Acceptable Use Policy. To review the AT&T Acceptable Use Policy, go to: http://www.corp.att.com/aup/

      Below are some additional sites you can visit for tools or information:

      AT&T PC Health Check - Online virus, malware and spyware scan. https://pccheck.att.com/index.aspx?RID=AG
      Microsoft Systems Anti-virus: http://www.microsoft.com/security_essentials/
      Microsoft Safety Scanner: http://www.microsoft.com/security/scanner/en-us/default.aspx
      Apple Systems Anti-virus: http://www.apple.com/downloads/macosx/networking_security/avastantivirusmacedition.html

      We also recommend you run an anti-spyware application, like Malwarebytes Anti-Malware or Spybot:
      http://malwarebytes.org/mbam.php
      http://www.safer-networking.org/en/index.html

      More Conficker specific links are listed below. Many of these sites will be inaccessible from a Conficker infected system, so you might have to download from another system and bring the tool to the infected system. All of these tools, as far as we know, are free to download and use. They are listed in no specific order except alphabetical.

      Vendor: ESET
      Link: http://download.eset.com/special/EConfickerRemover.exe
      Notes: ESET's Threat Encyclopaedia - http://www.eset.eu/encyclopaedia/conficker_aa_trojan_win32_agent_bbof_w32_downadup_b_w32_conficker_worm_gen_a

      Vendor: Kaspersky
      Link: http://support.kaspersky.com/downloads/utils/kk.zip
      Notes: How to remove network worm Net-Worm.Win32.Kido - http://support.kaspersky.com/faq/?qid=208279973

      Vendor: McAfee
      Link: http://vil.nai.com/vil/stinger/
      Notes: McAfee's Page on Protecting yourself from Conficker - http://www.mcafee.com/us/threat_center/conficker.html

      Vendor: Sunbelt Software
      Link: http://www.sunbeltsecurity.com/DownLoads.aspx
      Notes: Sunbelt Threat Advisory - http://www.sunbeltsecurity.com/advisory.aspx

      Vendor: Symantec
      Link: http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/D.exe
      Notes: W32.Downadup - Removal - http://www.symantec.com/security_response/writeup.jsp?docid=2008-112203-2408-99&tabid=3

      Vendor: Trend Micro
      Link: http://www.trendmicro.com/ftp/products/pattern/spyware/fixtool/SysClean-WORM_DOWNAD.zip
      Notes: WORM_DOWNAD.E - http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DOWNAD.E&VSect=P

      Regards,
      AT&T Internet Services Security Center

      SAFETY NOTE: We have included links in this email as a convenience. Please note that it is always safer to copy and paste URLs included in email directly into your browser to reach the referenced site.
  23. LDTate, OK, here is the new ComboFix txt. Then in the following thread I will post what I got today from AT&T in email. As I type this my keyboard is hanging up again and all my symptoms have returned! I keep having to do a DNS flush to get back to this website?!
  24. I feel like there is still something going on. I am too tired to look around in this computer for the moment, but that screen "reload" tells me that things are still doing too much. Thank you for your help so far, as my computer is working much better. My keyboard is not stalling out and I can type as fast as possible and it is not missing any keystrokes!!! So, I know it is working much better. But, closing down the browser or making it small has the screen still doing the real slow "reload". It takes about 4-5 writes to build the whole wallpaper pic.
  25. LDTate, OK, I am back on the infected computer. I have run the CFScript and the computer booted up at least 2x faster!!! The wallpaper pic did "reload" though. I had to do a DNS flush and complete router reboot again to get back to the website. But, I had to use the email verification link to find the thread, because the newest update was 4am 11-20-11 and it is currently 12:30am 11-21-11. So I am not sure why the website will not refresh from your server yet?! Here is the current ComboFix report:
2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\50fe132a7570a44aa0493f01e4692d6e\spmsg.dll - 2011-10-13 12:02 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260\update\spcustom.dll - 2011-10-13 12:02 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260\spmsg.dll - 2011-10-18 03:25 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\3cc7b97fc7dac19eb2799b072f371e59\update\spcustom.dll - 2011-10-18 03:25 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\3cc7b97fc7dac19eb2799b072f371e59\spmsg.dll - 2011-10-18 03:22 . 2007-11-30 12:39 26488 c:\windows\SoftwareDistribution\Download\37ea7d9587e54acc7afa27dc26096f4f\update\spcustom.dll - 2011-10-18 03:22 . 2007-11-30 12:39 17272 c:\windows\SoftwareDistribution\Download\37ea7d9587e54acc7afa27dc26096f4f\spmsg.dll - 2011-10-13 11:50 . 2008-07-08 13:02 26488 c:\windows\SoftwareDistribution\Download\3361704fe1a0367fcfe17758efab6972\update\spcustom.dll - 2011-10-13 11:50 . 2008-07-08 13:02 17272 c:\windows\SoftwareDistribution\Download\3361704fe1a0367fcfe17758efab6972\spmsg.dll - 2011-10-13 12:02 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee\update\spcustom.dll - 2011-10-13 12:02 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee\spmsg.dll - 2011-10-18 03:26 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\299840a657dd26ca3bbf3cee3ec999ba\update\spcustom.dll - 2011-10-18 03:26 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\299840a657dd26ca3bbf3cee3ec999ba\spmsg.dll - 2011-10-18 03:25 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\27348dbc9e5f0706cbb7e62b9f41ae6e\update\spcustom.dll - 2011-10-18 03:25 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\27348dbc9e5f0706cbb7e62b9f41ae6e\spmsg.dll - 2011-10-13 11:52 . 
2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\269630a60abe4177f0ba214686d6ebda\update\spcustom.dll - 2011-10-13 11:52 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\269630a60abe4177f0ba214686d6ebda\spmsg.dll - 2011-10-13 11:52 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9\update\spcustom.dll - 2011-10-13 11:52 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9\spmsg.dll - 2011-10-13 11:48 . 2008-07-08 13:02 26488 c:\windows\SoftwareDistribution\Download\22f1a1e628f2ceada1948d2c604b5154\update\spcustom.dll - 2011-10-13 11:48 . 2008-07-08 13:02 17272 c:\windows\SoftwareDistribution\Download\22f1a1e628f2ceada1948d2c604b5154\spmsg.dll - 2011-10-18 03:22 . 2007-11-30 12:39 26488 c:\windows\SoftwareDistribution\Download\1201b6f74bae1015eceeea43baed9814\update\spcustom.dll - 2011-10-18 03:22 . 2007-11-30 12:39 17272 c:\windows\SoftwareDistribution\Download\1201b6f74bae1015eceeea43baed9814\spmsg.dll - 2011-10-13 11:51 . 2008-07-08 13:02 26488 c:\windows\SoftwareDistribution\Download\0fa2ac15b3f3d16ecfc880648002b82e\update\spcustom.dll - 2011-10-13 11:51 . 2008-07-08 13:02 17272 c:\windows\SoftwareDistribution\Download\0fa2ac15b3f3d16ecfc880648002b82e\spmsg.dll - 2011-10-13 11:51 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\update\spcustom.dll - 2011-10-13 11:51 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\spmsg.dll - 2011-10-13 12:02 . 2008-07-08 13:02 26488 c:\windows\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\spcustom.dll - 2011-10-13 12:02 . 2008-07-08 13:02 17272 c:\windows\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\spmsg.dll - 2011-10-18 03:24 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\02436769f1bb08660087299442ccda82\update\spcustom.dll - 2011-10-18 03:24 . 
2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\02436769f1bb08660087299442ccda82\spmsg.dll - 2011-10-13 12:02 . 2007-11-30 12:39 26488 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\update\spcustom.dll - 2011-10-13 12:02 . 2007-11-30 12:39 17272 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\spmsg.dll - 2011-10-13 11:48 . 2008-07-08 13:02 26488 c:\windows\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f\update\spcustom.dll - 2011-10-13 11:48 . 2008-07-08 13:02 17272 c:\windows\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f\spmsg.dll - 2011-10-13 11:51 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\0034610052cb298a78a7ba8a4f6282e6\update\spcustom.dll - 2011-10-13 11:51 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\0034610052cb298a78a7ba8a4f6282e6\spmsg.dll + 2002-08-29 12:00 . 2008-04-14 09:41 157225 c:\windows\system32\vrcrs.dll + 2004-08-04 07:56 . 2004-08-04 07:56 151552 c:\windows\system32\scrrun.dll + 2011-11-18 11:55 . 2011-11-18 11:55 247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe + 2006-06-09 19:30 . 2011-10-22 02:14 126912 c:\windows\system32\FNTCACHE.DAT + 2004-08-04 07:56 . 2004-08-04 07:56 151552 c:\windows\system32\dllcache\scrrun.dll - 2011-10-18 03:26 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\update\updspapi.dll - 2011-10-18 03:26 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\update\update.exe - 2011-10-18 03:26 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\spuninst.exe - 2011-10-13 11:52 . 2007-11-30 12:39 382840 c:\windows\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\update\updspapi.dll - 2011-10-13 11:52 . 
2007-11-30 12:39 755576 c:\windows\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\update\update.exe - 2011-10-13 11:52 . 2007-11-30 12:39 231288 c:\windows\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\spuninst.exe - 2011-10-18 03:23 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\f732943e48ae6ad004950fdcc657b6f7\update\updspapi.dll - 2011-10-18 03:23 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\f732943e48ae6ad004950fdcc657b6f7\update\update.exe - 2011-10-18 03:23 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\f732943e48ae6ad004950fdcc657b6f7\spuninst.exe - 2011-10-13 11:51 . 2007-11-30 12:39 382840 c:\windows\SoftwareDistribution\Download\f6ae6c01481096f08117233982ca37f9\update\updspapi.dll - 2011-10-13 11:51 . 2007-11-30 12:39 755576 c:\windows\SoftwareDistribution\Download\f6ae6c01481096f08117233982ca37f9\update\update.exe - 2011-10-13 11:51 . 2007-11-30 12:39 231288 c:\windows\SoftwareDistribution\Download\f6ae6c01481096f08117233982ca37f9\spuninst.exe - 2011-10-13 11:51 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\f2adb0f8440e5dbd459aa6bfcaed1ba5\update\updspapi.dll - 2011-10-13 11:51 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\f2adb0f8440e5dbd459aa6bfcaed1ba5\update\update.exe - 2011-10-13 11:51 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\f2adb0f8440e5dbd459aa6bfcaed1ba5\spuninst.exe - 2011-10-18 03:24 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\f0fea42f69058000617da24986c3b109\update\updspapi.dll - 2011-10-18 03:24 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\f0fea42f69058000617da24986c3b109\update\update.exe - 2011-10-18 03:24 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\f0fea42f69058000617da24986c3b109\spuninst.exe - 2011-10-18 03:26 . 
2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\ed4f302dcc552910bc5d521f28b9ef85\update\updspapi.dll - 2011-10-18 03:26 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\ed4f302dcc552910bc5d521f28b9ef85\update\update.exe - 2011-10-18 03:26 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\ed4f302dcc552910bc5d521f28b9ef85\spuninst.exe - 2011-10-18 03:25 . 2010-02-22 14:23 382840 c:\windows\SoftwareDistribution\Download\e8252bbfa91fcf5afb38775b18691074\update\updspapi.dll - 2011-10-18 03:25 . 2010-02-22 14:23 755576 c:\windows\SoftwareDistribution\Download\e8252bbfa91fcf5afb38775b18691074\update\update.exe - 2011-10-18 03:25 . 2010-02-22 14:23 231288 c:\windows\SoftwareDistribution\Download\e8252bbfa91fcf5afb38775b18691074\spuninst.exe - 2011-10-18 03:24 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\update\updspapi.dll - 2011-10-18 03:24 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\update\update.exe - 2011-10-18 03:24 . 2009-05-26 09:01 231288 c:\windows\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\spuninst.exe - 2011-10-13 11:49 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\update\updspapi.dll - 2011-10-13 11:49 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\update\update.exe - 2011-10-13 11:49 . 2008-07-08 13:02 231288 c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\spuninst.exe - 2011-10-13 12:02 . 2007-11-30 12:39 382840 c:\windows\SoftwareDistribution\Download\dd6c2e7701be1a2e63281605463e5e51\update\updspapi.dll - 2011-10-13 12:02 . 2007-11-30 12:39 755576 c:\windows\SoftwareDistribution\Download\dd6c2e7701be1a2e63281605463e5e51\update\update.exe - 2011-10-13 12:02 . 
2007-11-30 12:39 231288 c:\windows\SoftwareDistribution\Download\dd6c2e7701be1a2e63281605463e5e51\spuninst.exe - 2011-10-13 11:51 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\da2a33b6770f970d7fe7262040f98a4f\update\updspapi.dll - 2011-10-13 11:51 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\da2a33b6770f970d7fe7262040f98a4f\update\update.exe - 2011-10-13 11:51 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\da2a33b6770f970d7fe7262040f98a4f\spuninst.exe - 2011-10-13 12:02 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\update\updspapi.dll - 2011-10-13 12:02 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\update\update.exe - 2011-10-13 12:02 . 2008-07-08 13:02 231288 c:\windows\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\spuninst.exe - 2011-10-13 12:02 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\updspapi.dll - 2011-10-13 12:02 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\update.exe - 2011-10-13 12:02 . 2008-07-08 13:02 231288 c:\windows\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\spuninst.exe - 2011-10-18 03:25 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717\update\updspapi.dll - 2011-10-18 03:25 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717\update\update.exe - 2011-10-18 03:25 . 2008-07-08 13:02 231288 c:\windows\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717\spuninst.exe - 2011-10-13 11:52 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\c0c52c03306062533f7dcb087bfcfa6b\update\updspapi.dll - 2011-10-13 11:52 . 
2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\c0c52c03306062533f7dcb087bfcfa6b\update\update.exe - 2011-10-13 11:52 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\c0c52c03306062533f7dcb087bfcfa6b\spuninst.exe - 2011-10-18 03:26 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\bc8ea6c22fd142de8dd67336d23310cf\update\updspapi.dll - 2011-10-18 03:26 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\bc8ea6c22fd142de8dd67336d23310cf\update\update.exe - 2011-10-18 03:26 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\bc8ea6c22fd142de8dd67336d23310cf\spuninst.exe - 2011-10-18 03:25 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\bc529fa49cb2cb097fdf1e22d25872da\update\updspapi.dll - 2011-10-18 03:25 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\bc529fa49cb2cb097fdf1e22d25872da\update\update.exe - 2011-10-18 03:25 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\bc529fa49cb2cb097fdf1e22d25872da\spuninst.exe - 2011-10-13 11:52 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\update\updspapi.dll - 2011-10-13 11:52 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\update\update.exe - 2011-10-13 11:52 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\spuninst.exe - 2011-10-18 03:25 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\b5f880834ad67f3d383ffff5f2fa46bd\update\updspapi.dll - 2011-10-18 03:25 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\b5f880834ad67f3d383ffff5f2fa46bd\update\update.exe - 2011-10-18 03:25 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\b5f880834ad67f3d383ffff5f2fa46bd\spuninst.exe - 2011-10-18 03:23 . 
2010-02-22 14:23 382840 c:\windows\SoftwareDistribution\Download\b32129dfa4870d4292d84648b08ecb81\update\updspapi.dll - 2011-10-18 03:23 . 2010-02-22 14:23 755576 c:\windows\SoftwareDistribution\Download\b32129dfa4870d4292d84648b08ecb81\update\update.exe - 2011-10-18 03:23 . 2010-02-22 14:23 231288 c:\windows\SoftwareDistribution\Download\b32129dfa4870d4292d84648b08ecb81\spuninst.exe - 2011-10-18 03:25 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\abaf10b7d55d3716fbb63e0b568cb4b6\update\updspapi.dll - 2011-10-18 03:25 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\abaf10b7d55d3716fbb63e0b568cb4b6\update\update.exe - 2011-10-18 03:25 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\abaf10b7d55d3716fbb63e0b568cb4b6\spuninst.exe - 2011-10-13 11:52 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\updspapi.dll - 2011-10-13 11:52 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\update.exe - 2011-10-13 11:52 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\spuninst.exe - 2011-10-18 03:24 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce\update\updspapi.dll - 2011-10-18 03:24 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce\update\update.exe - 2011-10-18 03:24 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce\spuninst.exe - 2011-10-18 03:26 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\91bb70b5a1849f810c5f176944405927\update\updspapi.dll - 2011-10-18 03:26 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\91bb70b5a1849f810c5f176944405927\update\update.exe - 2011-10-18 03:26 . 
2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\91bb70b5a1849f810c5f176944405927\spuninst.exe - 2011-10-18 03:24 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\906245b7f0992255b054322b77475594\update\updspapi.dll - 2011-10-18 03:24 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\906245b7f0992255b054322b77475594\update\update.exe - 2011-10-18 03:24 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\906245b7f0992255b054322b77475594\spuninst.exe - 2011-10-13 12:02 . 2007-11-30 12:39 382840 c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\update\updspapi.dll - 2011-10-13 12:02 . 2007-11-30 12:39 755576 c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\update\update.exe - 2011-10-13 12:02 . 2007-11-30 12:39 231288 c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\spuninst.exe - 2011-10-18 03:26 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\86e02b9df514f7fcd2b873c29d592eb3\update\updspapi.dll - 2011-10-18 03:26 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\86e02b9df514f7fcd2b873c29d592eb3\update\update.exe - 2011-10-18 03:26 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\86e02b9df514f7fcd2b873c29d592eb3\spuninst.exe - 2011-10-13 12:01 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\updspapi.dll - 2011-10-13 12:01 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\update.exe - 2011-10-13 12:01 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\spuninst.exe - 2011-10-13 11:49 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\update\updspapi.dll - 2011-10-13 11:49 . 
2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\update\update.exe - 2011-10-13 11:49 . 2008-07-08 13:02 231288 c:\windows\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\spuninst.exe - 2011-10-13 12:02 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\6a410a1bd174bc123056d235ac4829af\update\updspapi.dll - 2011-10-13 12:02 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\6a410a1bd174bc123056d235ac4829af\update\update.exe - 2011-10-13 12:02 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\6a410a1bd174bc123056d235ac4829af\spuninst.exe - 2011-10-18 03:26 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\6870f168611996e69348307ffc62e858\update\updspapi.dll - 2011-10-18 03:26 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\6870f168611996e69348307ffc62e858\update\update.exe - 2011-10-18 03:26 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\6870f168611996e69348307ffc62e858\spuninst.exe - 2011-10-13 12:01 . 2008-07-09 07:38 382840 c:\windows\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\update\updspapi.dll - 2011-10-13 12:01 . 2008-07-09 07:38 755576 c:\windows\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\update\update.exe - 2011-10-13 12:01 . 2008-07-09 07:38 231288 c:\windows\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\spuninst.exe - 2011-10-18 03:25 . 2010-02-22 14:23 382840 c:\windows\SoftwareDistribution\Download\6482b73e551a94e4c78c8d847c4bb10c\update\updspapi.dll - 2011-10-18 03:25 . 2010-02-22 14:23 755576 c:\windows\SoftwareDistribution\Download\6482b73e551a94e4c78c8d847c4bb10c\update\update.exe - 2011-10-18 03:25 . 2010-02-22 14:23 231288 c:\windows\SoftwareDistribution\Download\6482b73e551a94e4c78c8d847c4bb10c\spuninst.exe - 2011-10-18 03:25 . 
2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\6006b16c1fd02cf49cb91496eb5460a0\update\updspapi.dll - 2011-10-18 03:25 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\6006b16c1fd02cf49cb91496eb5460a0\update\update.exe - 2011-10-18 03:25 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\6006b16c1fd02cf49cb91496eb5460a0\spuninst.exe - 2011-10-13 12:01 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\updspapi.dll - 2011-10-13 12:01 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\update.exe - 2011-10-13 12:01 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\spuninst.exe - 2011-10-18 03:24 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\50fe132a7570a44aa0493f01e4692d6e\update\updspapi.dll - 2011-10-18 03:24 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\50fe132a7570a44aa0493f01e4692d6e\update\update.exe - 2011-10-18 03:24 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\50fe132a7570a44aa0493f01e4692d6e\spuninst.exe - 2011-10-13 12:02 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260\update\updspapi.dll - 2011-10-13 12:02 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260\update\update.exe - 2011-10-13 12:02 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260\spuninst.exe - 2011-10-18 03:25 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\3cc7b97fc7dac19eb2799b072f371e59\update\updspapi.dll - 2011-10-18 03:25 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\3cc7b97fc7dac19eb2799b072f371e59\update\update.exe - 2011-10-18 03:25 . 
2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\3cc7b97fc7dac19eb2799b072f371e59\spuninst.exe - 2011-10-18 03:22 . 2007-11-30 12:39 382840 c:\windows\SoftwareDistribution\Download\37ea7d9587e54acc7afa27dc26096f4f\update\updspapi.dll - 2011-10-18 03:22 . 2007-11-30 12:39 755576 c:\windows\SoftwareDistribution\Download\37ea7d9587e54acc7afa27dc26096f4f\update\update.exe - 2011-10-18 03:22 . 2007-11-30 12:39 231288 c:\windows\SoftwareDistribution\Download\37ea7d9587e54acc7afa27dc26096f4f\spuninst.exe - 2011-10-13 11:50 . 2008-07-09 07:38 382840 c:\windows\SoftwareDistribution\Download\3361704fe1a0367fcfe17758efab6972\update\updspapi.dll - 2011-10-13 11:50 . 2008-07-09 07:38 755576 c:\windows\SoftwareDistribution\Download\3361704fe1a0367fcfe17758efab6972\update\update.exe - 2011-10-13 11:50 . 2008-07-08 13:02 231288 c:\windows\SoftwareDistribution\Download\3361704fe1a0367fcfe17758efab6972\spuninst.exe - 2011-10-13 12:02 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee\update\updspapi.dll - 2011-10-13 12:02 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee\update\update.exe - 2011-10-13 12:02 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee\spuninst.exe - 2011-10-18 03:26 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\299840a657dd26ca3bbf3cee3ec999ba\update\updspapi.dll - 2011-10-18 03:26 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\299840a657dd26ca3bbf3cee3ec999ba\update\update.exe - 2011-10-18 03:26 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\299840a657dd26ca3bbf3cee3ec999ba\spuninst.exe - 2011-10-18 03:25 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\27348dbc9e5f0706cbb7e62b9f41ae6e\update\updspapi.dll - 2011-10-18 03:25 . 
2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\27348dbc9e5f0706cbb7e62b9f41ae6e\update\update.exe - 2011-10-18 03:25 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\27348dbc9e5f0706cbb7e62b9f41ae6e\spuninst.exe - 2011-10-13 11:52 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\269630a60abe4177f0ba214686d6ebda\update\updspapi.dll - 2011-10-13 11:52 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\269630a60abe4177f0ba214686d6ebda\update\update.exe - 2011-10-13 11:52 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\269630a60abe4177f0ba214686d6ebda\spuninst.exe - 2011-10-13 11:52 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9\update\updspapi.dll - 2011-10-13 11:52 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9\update\update.exe - 2011-10-13 11:52 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9\spuninst.exe - 2011-10-13 11:48 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\22f1a1e628f2ceada1948d2c604b5154\update\updspapi.dll - 2011-10-13 11:48 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\22f1a1e628f2ceada1948d2c604b5154\update\update.exe - 2011-10-13 11:48 . 2008-07-08 13:02 231288 c:\windows\SoftwareDistribution\Download\22f1a1e628f2ceada1948d2c604b5154\spuninst.exe - 2011-10-18 03:22 . 2007-11-30 12:39 382840 c:\windows\SoftwareDistribution\Download\1201b6f74bae1015eceeea43baed9814\update\updspapi.dll - 2011-10-18 03:22 . 2007-11-30 12:39 755576 c:\windows\SoftwareDistribution\Download\1201b6f74bae1015eceeea43baed9814\update\update.exe - 2011-10-18 03:22 . 2007-11-30 12:39 231288 c:\windows\SoftwareDistribution\Download\1201b6f74bae1015eceeea43baed9814\spuninst.exe - 2011-10-13 11:51 . 
2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\0fa2ac15b3f3d16ecfc880648002b82e\update\updspapi.dll
- 2011-10-13 11:51 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\0fa2ac15b3f3d16ecfc880648002b82e\update\update.exe
- 2011-10-13 11:51 . 2008-07-08 13:02 231288 c:\windows\SoftwareDistribution\Download\0fa2ac15b3f3d16ecfc880648002b82e\spuninst.exe
- 2011-10-13 11:51 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\update\updspapi.dll
- 2011-10-13 11:51 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\update\update.exe
- 2011-10-13 11:51 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\spuninst.exe
- 2011-10-13 12:02 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\updspapi.dll
- 2011-10-13 12:02 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\update.exe
- 2011-10-13 12:02 . 2008-07-08 13:02 231288 c:\windows\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\spuninst.exe
- 2011-10-18 03:24 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\02436769f1bb08660087299442ccda82\update\updspapi.dll
- 2011-10-18 03:24 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\02436769f1bb08660087299442ccda82\update\update.exe
- 2011-10-18 03:24 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\02436769f1bb08660087299442ccda82\spuninst.exe
- 2011-10-13 12:02 . 2007-11-30 12:39 382840 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\update\updspapi.dll
- 2011-10-13 12:02 . 2007-11-30 12:39 755576 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\update\update.exe
- 2011-10-13 12:02 . 2007-11-30 12:39 231288 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\spuninst.exe
- 2011-10-13 11:48 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f\update\updspapi.dll
- 2011-10-13 11:48 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f\update\update.exe
- 2011-10-13 11:48 . 2008-07-08 13:02 231288 c:\windows\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f\spuninst.exe
- 2011-10-13 11:51 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\0034610052cb298a78a7ba8a4f6282e6\update\updspapi.dll
- 2011-10-13 11:51 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\0034610052cb298a78a7ba8a4f6282e6\update\update.exe
- 2011-10-13 11:51 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\0034610052cb298a78a7ba8a4f6282e6\spuninst.exe
+ 2011-11-19 15:44 . 2011-11-19 15:44 301056 c:\windows\Installer\62a5ef.msi
+ 2004-02-23 08:00 . 2004-02-23 08:00 1386496 c:\windows\system32\msvbvm60.dll
+ 2010-01-27 01:07 . 2011-11-18 11:55 8527008 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2007-05-05 00:40 . 2011-11-19 06:05 15411796 c:\windows\system32\Restore\rstrlog.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2011-09-30 11:35 5361272 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-02-10 01:56 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 -c----w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2003-05-07 20:32 36864 -c--a-r- c:\windows\system32\VTTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Messenger"=2 (0x2)
"McciCMService"=2 (0x2)
"gusvc"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"idsvc"=3 (0x3)
"AMDFusionSVC"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"VTTimer"=VTTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6027:TCP"= 6027:TCP:rcntsjph
.
R2 druudwilx;Driver Center;c:\windows\system32\svchost.exe [2008-04-14 14336]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R4 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [x]
S3 DCamUSBNW802;PC Camera Capture;c:\windows\system32\DRIVERS\pcam.sys [2006-09-25 269480]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
druudwilx
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-16 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-10-15 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: rexplorer.net
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Sonia Evans\Application Data\Mozilla\Firefox\Profiles\axuvh315.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-21 00:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\druudwilx]
"ServiceDll"="c:\windows\system32\vrcrs.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(344)
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\msls31.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\msiexec.exe
c:\windows\System32\locator.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2011-11-21 00:10:35 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-21 05:10
ComboFix2.txt 2011-11-19 14:33
ComboFix3.txt 2011-10-21 02:31
ComboFix4.txt 2011-10-14 04:37
ComboFix5.txt 2011-11-21 04:57
.
Pre-Run: 65,964,105,728 bytes free
Post-Run: 65,953,120,256 bytes free
.
- - End Of File - - E9011B5AF3E9766510D54357228C2DED
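Three items in the log above are the kind a responder checks by hand before deciding what to remove: a service (druudwilx) hosted by svchost.exe that also appears in the NetSvcs group and whose ServiceDll (vrcrs.dll) is not one of the usual Windows service DLLs, a Windows Firewall GloballyOpenPorts exception (6027/TCP) whose name looks machine-generated, and a domain added to the IE Trusted Zone. The Python script below is an added example, not part of the forum post and not ComboFix's own code: it parses lines in the log's format and flags those three patterns. The KNOWN_SVCHOST_DLLS allow-list and the vowel-ratio heuristic in looks_random are illustrative assumptions, and SAMPLE_LOG is a constructed excerpt in the same shape as the lines above, with one made-up benign firewall entry (3389/TCP) so the filter has a negative case. A flag means "verify", not "malware".

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Allow-list of DLLs that commonly back svchost-hosted services on Windows XP.
# Illustrative assumption only: a real triage compares against a known-good
# baseline of the same build and checks Authenticode signatures on disk.
KNOWN_SVCHOST_DLLS = {
    "browser.dll", "cryptsvc.dll", "dhcpcsvc.dll", "dnsrslvr.dll", "ersvc.dll",
    "es.dll", "lmhsvc.dll", "netman.dll", "rasauto.dll", "rasmans.dll",
    "schedsvc.dll", "seclogon.dll", "sens.dll", "shsvcs.dll", "srvsvc.dll",
    "tapisrv.dll", "trkwks.dll", "w32time.dll", "wkssvc.dll", "wuauserv.dll",
    "wscsvc.dll", "xmlprov.dll",
}

# Constructed sample in the shape of the ComboFix log posted above. The
# 3389/TCP line is a made-up benign exception so the filter has a negative case.
SAMPLE_LOG = r"""
R2 druudwilx;Driver Center;c:\windows\system32\svchost.exe [2008-04-14 14336]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
S3 DCamUSBNW802;PC Camera Capture;c:\windows\system32\DRIVERS\pcam.sys [2006-09-25 269480]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
druudwilx
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6027:TCP"= 6027:TCP:rcntsjph
"3389:TCP"= 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
.
Trusted Zone: rexplorer.net
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\druudwilx]
"ServiceDll"="c:\windows\system32\vrcrs.dll"
.
"""

SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[")
SERVICES_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$", re.I)
SERVICEDLL_RE = re.compile(r'^"ServiceDll"="(.+)"$', re.I)
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.+)$', re.I)
TRUSTED_RE = re.compile(r"^Trusted Zone: (.+)$")
VOWELS = set("aeiou")


@dataclass
class Finding:
    kind: str      # netsvcs_service | open_port | trusted_zone
    subject: str   # service name, port/proto, or domain
    detail: str


def looks_random(name: str) -> bool:
    """Heuristic (an assumption, not a classifier) for machine-generated names
    such as 'rcntsjph': one lowercase alphabetic token of six or more letters
    with fewer than 20% vowels."""
    if len(name) < 6 or not name.isalpha() or not name.islower():
        return False
    return sum(c in VOWELS for c in name) / len(name) < 0.2


def triage(log: str) -> List[Finding]:
    findings: List[Finding] = []
    svchost_services: Dict[str, str] = {}   # service name -> display name
    netsvcs: Set[str] = set()               # members of the NetSvcs group
    service_dlls: Dict[str, str] = {}       # service name -> ServiceDll path
    section = None       # "netsvcs" or "ports" while inside that block
    current_key = None   # service name from the last [...\Services\<name>] key

    for line in log.splitlines():
        line = line.strip()
        if line in ("", "."):            # ComboFix separates blocks with a lone '.'
            section = current_key = None
            continue
        m = SERVICE_RE.match(line)
        if m:
            _, name, display, image = m.groups()
            if image.lower().endswith("\\svchost.exe"):
                svchost_services[name] = display
            continue
        if "Svchost - NetSvcs" in line:
            section = "netsvcs"
            continue
        if "GloballyOpenPorts" in line:
            section = "ports"
            continue
        m = SERVICES_KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = SERVICEDLL_RE.match(line)
        if m and current_key:
            service_dlls[current_key] = m.group(1)
            continue
        m = TRUSTED_RE.match(line)
        if m:
            findings.append(Finding("trusted_zone", m.group(1),
                            "domain added to the IE Trusted sites zone; confirm it was intended"))
            continue
        if section == "netsvcs":
            netsvcs.add(line)
        elif section == "ports":
            m = PORT_RE.match(line)
            if m:
                port, proto, rest = m.groups()
                name = rest.split(":")[-1]          # last field is the display name
                if looks_random(name):
                    findings.append(Finding("open_port", f"{port}/{proto.upper()}",
                                    f"firewall exception named '{name}' looks machine-generated"))

    # A NetSvcs member loads inside a trusted svchost.exe process, so any whose
    # ServiceDll is absent from the log or not on the allow-list gets flagged.
    for name in sorted(netsvcs):
        dll = service_dlls.get(name, "")
        base = dll.rsplit("\\", 1)[-1].lower()
        if base not in KNOWN_SVCHOST_DLLS:
            findings.append(Finding(
                "netsvcs_service", name,
                f"display name '{svchost_services.get(name, '?')}', "
                f"ServiceDll '{dll or '<not in log>'}' is not on the known-good list"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
```

Run against the sample it reports the 6027/TCP exception, the rexplorer.net Trusted Zone entry and the druudwilx service, and stays quiet on the 3389/TCP entry. On a live machine the next step is to confirm each hit in the registry and on disk (the ServiceDll's signature and timestamps) rather than to act on the heuristic alone.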