I have a rundll error which I suspect is from malware. I have updated and run a scan using the Malwarebytes software which has not provided a solution. As a result I am unable to change my desktop wallpaper without the display programme hanging. I have posted the 3 log files DDS.txt and attach.txt, as well as the rootkit file as per instructions on website. Thanks for your help.

DDS file
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by USERXP at 15:30:34.76 on 2011/03/25
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1074 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\conquest\dgateserv.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\conquest\dgate.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\USERXP\Desktop\Defogger.exe
C:\Documents and Settings\USERXP\Desktop\dds(2).scr
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\userxp\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [CAHeadless] c:\program files\adobe\elements organizer 8.0\caheadless\ElementsAutoAnalyzer.exe
uRun: [skype] "c:\documents and settings\userxp\desktop\phone\Skype.exe" /nosplash /minimized
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechCameraAssistant] c:\program files\logitech\video\CameraAssistant.exe
mRun: [LogitechVideo[inspector]] c:\program files\logitech\video\InstallHelper.exe /inspect
mRun: [LogitechCameraService(E)] c:\windows\system32\ElkCtrl.exe /automation
mRun: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [Nokia FastStart] "c:\program files\nokia\nokia music\NokiaMusic.exe" /command:faststart
mRun: [NokiaMusic FastStart] "c:\program files\nokia\ovi player\NokiaOviPlayer.exe" /command:faststart
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Memeo AutoSync] c:\program files\memeo\autosync\MemeoLauncher2.exe --silent
mRun: [Memeo Send] c:\program files\memeo\memeo send\MemeoLauncher.exe --silent
mRun: [seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billmi~1.lnk - c:\program files\quicken2\billmind.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photof~1.lnk - c:\program files\panasonic\photofunstudio -viewer-\PhAutoRun.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken2\bagent.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: MIW Deployment - hxxps://196.38.48.3/downloads/MIWDeploy.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {54FF454A-8F37-4406-8797-4C3607918A85} - hxxp://pacs.tuft.co.za:87/ami/install/amiviewer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\userxp\applic~1\mozilla\firefox\profiles\952ut2xk.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.mweb.co.za/home/home.aspx|http://www.google.co.za/|http://www.iafrica.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc03dc5&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\userxp\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: AVG Security Toolbar em:version=6.103.018.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
FF - Ext: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - %profile%\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
R1 RapportCerberus_23945;RapportCerberus_23945;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\23945\RapportCerberus_23945.sys [2011-2-28 55224]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2010-4-23 25824]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
R2 RUSHTON;RUSHTON;c:\conquest\DgateServ.exe [2008-12-2 54784]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-3 136176]
S2 mrtRate;mrtRate; [x]
S3 ATICDSDr;ATICDSDr;\??\c:\docume~1\userxp\locals~1\temp\aticdsdr.sys --> c:\docume~1\userxp\locals~1\temp\ATICDSDr.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-21 517448]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
=============== Created Last 30 ================
.
2011-03-22 15:08:34 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-03-22 15:08:31 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-03-22 15:08:30 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-03-22 15:08:28 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-03-22 15:08:24 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-03-22 15:07:38 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-03-22 15:07:33 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-03-22 15:07:31 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-03-22 15:07:21 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-03-22 15:07:20 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-03-22 15:06:24 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2011-03-22 15:06:18 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-03-22 15:06:16 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-03-22 15:06:02 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2011-03-22 15:04:59 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2011-03-22 15:03:58 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2011-03-22 15:02:59 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2011-03-22 15:01:59 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2011-03-22 15:01:56 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2011-03-22 15:01:53 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2011-03-22 15:01:50 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2011-03-22 15:01:47 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll
2011-03-22 15:01:43 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2011-03-22 15:01:39 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
2011-03-22 15:01:28 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2011-03-22 15:01:25 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2011-03-22 15:01:23 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2011-03-22 15:01:19 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2011-03-22 15:01:02 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2011-03-22 14:59:39 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2011-03-22 14:59:37 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2011-03-22 14:59:34 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2011-03-22 14:59:32 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
2011-03-22 14:59:29 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
2011-03-22 14:59:29 6784 -c--a-w- c:\windows\system32\dllcache\smbhc.sys
2011-03-22 14:59:28 16000 -c--a-w- c:\windows\system32\dllcache\smbbatt.sys
2011-03-22 14:59:21 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
2011-03-22 14:59:19 33792 -c--a-w- c:\windows\system32\dllcache\smb0w.dll
2011-03-22 14:59:15 28672 -c--a-w- c:\windows\system32\dllcache\sma0w.dll
2011-03-22 14:59:09 28160 -c--a-w- c:\windows\system32\dllcache\sm91w.dll
2011-03-22 14:58:54 63547 -c--a-w- c:\windows\system32\dllcache\sla30nd5.sys
2011-03-22 14:58:50 91294 -c--a-w- c:\windows\system32\dllcache\skfpwin.sys
2011-03-22 14:58:44 94698 -c--a-w- c:\windows\system32\dllcache\sk98xwin.sys
2011-03-22 14:58:40 157696 -c--a-w- c:\windows\system32\dllcache\sisv256.dll
2011-03-22 14:58:37 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2011-03-22 14:58:36 32768 -c--a-w- c:\windows\system32\dllcache\sisnic.sys
2011-03-22 14:58:32 238592 -c--a-w- c:\windows\system32\dllcache\sisgrv.dll
2011-03-22 14:58:29 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2011-03-22 14:58:26 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2011-03-22 14:58:23 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2011-03-22 14:58:21 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2011-03-22 14:58:18 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2011-03-22 14:57:13 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2011-03-22 14:57:11 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2011-03-22 14:57:09 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2011-03-22 14:57:07 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2011-03-22 14:57:03 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2011-03-22 14:56:50 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2011-03-22 14:56:31 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2011-03-22 14:56:28 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2011-03-22 14:56:25 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2011-03-22 14:56:18 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2011-03-22 14:56:15 16640 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys
2011-03-22 14:56:09 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2011-03-22 14:56:06 23936 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
2011-03-22 14:56:02 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2011-03-22 14:54:57 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2011-03-22 14:53:58 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2011-03-22 14:52:59 27904 -c--a-w- c:\windows\system32\dllcache\perm2.sys
2011-03-22 14:51:58 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll
2011-03-22 14:51:56 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
2011-03-22 14:51:53 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys
2011-03-22 14:51:50 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2011-03-22 14:51:47 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2011-03-22 14:51:40 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2011-03-22 14:51:37 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2011-03-22 14:51:35 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2011-03-22 14:51:33 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2011-03-22 14:51:00 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2011-03-22 14:50:57 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2011-03-22 14:50:40 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-03-22 14:50:33 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2011-03-22 14:50:31 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-03-22 14:50:30 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2011-03-22 14:50:26 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-03-22 14:50:23 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-03-22 14:50:14 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2011-03-22 14:50:10 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2011-03-22 14:50:03 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2011-03-22 14:48:54 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2011-03-22 14:48:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-03-22 14:48:32 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-03-22 14:48:30 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2011-03-22 14:48:29 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-03-22 14:47:47 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2011-03-22 14:47:44 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2011-03-22 14:47:43 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2011-03-22 14:47:30 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-03-22 14:47:08 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2011-03-22 14:45:58 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2011-03-22 14:44:58 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-03-22 14:43:57 311359 -c--a-w- c:\windows\system32\dllcache\imepadsv.exe
2011-03-22 14:42:58 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2011-03-22 14:41:59 165888 -c--a-w- c:\windows\system32\dllcache\hpgt53.dll
2011-03-22 14:40:56 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2011-03-22 14:39:58 594238 -c--a-w- c:\windows\system32\dllcache\es56hpi.sys
2011-03-22 14:38:58 28062 -c--a-w- c:\windows\system32\dllcache\dp83820.sys
2011-03-22 14:37:59 49792 -c--a-w- c:\windows\system32\dllcache\cyzport.sys
2011-03-22 14:36:59 27164 -c--a-w- c:\windows\system32\dllcache\ce3n5.sys
2011-03-22 14:35:14 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2011-03-22 14:34:55 102400 -c--a-w- c:\windows\system32\dllcache\binlsvc.dll
2011-03-22 14:33:59 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
2011-03-22 14:32:35 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-03-21 18:31:30 -------- d-----w- c:\docume~1\userxp\applic~1\Malwarebytes
2011-03-21 18:31:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-21 18:31:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-21 18:31:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-21 18:31:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-26 16:48:13 -------- d-----w- c:\program files\InterActual
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 15:32:49.40 ===============

Attach.txt ark.txt