tenuglymen

Honorary Members
  • Posts: 57

Everything posted by tenuglymen

  1. aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
     Run date: 2012-07-29 10:33:16
     -----------------------------
     10:33:16.750 OS Version: Windows 5.1.2600 Service Pack 3
     10:33:16.750 Number of processors: 2 586 0x1706
     10:33:16.750 ComputerName: HARTMAN4FAMILY UserName: Michael
     10:33:17.250 Initialize success
     10:34:06.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-10
     10:34:06.453 Disk 0 Vendor: WDC_WD3200AAKS-00B3A0 01.03A01 Size: 305245MB BusType: 3
     10:34:06.468 Disk 0 MBR read successfully
     10:34:06.468 Disk 0 MBR scan
     10:34:06.468 Disk 0 Windows XP default MBR code
     10:34:06.468 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 131059 MB offset 63
     10:34:06.468 Disk 0 scanning sectors +268410240
     10:34:06.531 Disk 0 scanning C:\WINDOWS\system32\drivers
     10:34:11.671 Service scanning
     10:34:17.843 Modules scanning
     10:34:20.218 Scan finished successfully
     10:34:43.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Michael\Desktop\MBR.dat"
     10:34:43.250 The log file has been saved successfully to "C:\Documents and Settings\Michael\Desktop\aswMBR.txt"
  2. FYI - ASK Toolbar is not showing up in Control Panel Add Remove Programs?
  3. I removed [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     Here is the new report from Roguekiller:

     RogueKiller V7.6.4 [07/17/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com
     Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
     Started in : Normal mode
     User: Michael [Admin rights]
     Mode: Scan -- Date: 07/29/2012 09:20:32
     ¤¤¤ Bad processes: 0 ¤¤¤
     ¤¤¤ Registry Entries: 0 ¤¤¤
     ¤¤¤ Particular Files / Folders: ¤¤¤
     [Faked.Drv][FAKED] Ambfilt.sys : c:\windows\system32\drivers\Ambfilt.sys --> CANNOT FIX
     [Faked.Drv][FAKED] raspppoe.sys : c:\windows\system32\drivers\raspppoe.sys --> CANNOT FIX
     ¤¤¤ Driver: [LOADED] ¤¤¤
     SSDT[25] : NtClose @ 0x805BC538 -> HOOKED (Unknown @ 0xBA69A47C)
     SSDT[41] : NtCreateKey @ 0x80623FD6 -> HOOKED (Unknown @ 0xBA69A436)
     SSDT[50] : NtCreateSection @ 0x805AB3D0 -> HOOKED (Unknown @ 0xBA69A486)
     SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0xBA69A42C)
     SSDT[63] : NtDeleteKey @ 0x80624472 -> HOOKED (Unknown @ 0xBA69A43B)
     SSDT[65] : NtDeleteValueKey @ 0x80624642 -> HOOKED (Unknown @ 0xBA69A445)
     SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0xBA69A477)
     SSDT[98] : NtLoadKey @ 0x806261FA -> HOOKED (Unknown @ 0xBA69A44A)
     SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0xBA69A418)
     SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0xBA69A41D)
     SSDT[177] : NtQueryValueKey @ 0x806221FA -> HOOKED (Unknown @ 0xBA69A49F)
     SSDT[193] : NtReplaceKey @ 0x806260AA -> HOOKED (Unknown @ 0xBA69A454)
     SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D7E -> HOOKED (Unknown @ 0xBA69A490)
     SSDT[204] : NtRestoreKey @ 0x806259B6 -> HOOKED (Unknown @ 0xBA69A44F)
     SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0xBA69A48B)
     SSDT[237] : NtSetSecurityObject @ 0x805C0636 -> HOOKED (Unknown @ 0xBA69A495)
     SSDT[247] : NtSetValueKey @ 0x80622548 -> HOOKED (Unknown @ 0xBA69A440)
     SSDT[255] : NtSystemDebugControl @ 0x80617FAA -> HOOKED (Unknown @ 0xBA69A49A)
     SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0xBA69A427)
     S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0xBA69A4AE)
     S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0xBA69A4B3)
     ¤¤¤ Infection : ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     127.0.0.1 localhost
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: WDC WD3200AAKS-00B3A0 +++++
     --- User ---
     [MBR] db5fd922ebef1d141ab55ae364ef7801
     [bSP] e24cb1d96bb0435339ae2e20363bf06b : Windows XP MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 131059 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!
     Finished : << RKreport[3].txt >>
     RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  4. What do you think - I noticed that Roguekiller found some Fake files? Thanks again for your help:)
  5. Here is the report from Roguekiller

     RogueKiller V7.6.4 [07/17/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com
     Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
     Started in : Normal mode
     User: Michael [Admin rights]
     Mode: Scan -- Date: 07/29/2012 09:02:45
     ¤¤¤ Bad processes: 0 ¤¤¤
     ¤¤¤ Registry Entries: 1 ¤¤¤
     [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     ¤¤¤ Particular Files / Folders: ¤¤¤
     [Faked.Drv][FAKED] RtkHDAud.sys : c:\windows\system32\drivers\RtkHDAud.sys --> CANNOT FIX
     ¤¤¤ Driver: [LOADED] ¤¤¤
     SSDT[25] : NtClose @ 0x805BC538 -> HOOKED (Unknown @ 0xBA69A47C)
     SSDT[41] : NtCreateKey @ 0x80623FD6 -> HOOKED (Unknown @ 0xBA69A436)
     SSDT[50] : NtCreateSection @ 0x805AB3D0 -> HOOKED (Unknown @ 0xBA69A486)
     SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0xBA69A42C)
     SSDT[63] : NtDeleteKey @ 0x80624472 -> HOOKED (Unknown @ 0xBA69A43B)
     SSDT[65] : NtDeleteValueKey @ 0x80624642 -> HOOKED (Unknown @ 0xBA69A445)
     SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0xBA69A477)
     SSDT[98] : NtLoadKey @ 0x806261FA -> HOOKED (Unknown @ 0xBA69A44A)
     SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0xBA69A418)
     SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0xBA69A41D)
     SSDT[177] : NtQueryValueKey @ 0x806221FA -> HOOKED (Unknown @ 0xBA69A49F)
     SSDT[193] : NtReplaceKey @ 0x806260AA -> HOOKED (Unknown @ 0xBA69A454)
     SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D7E -> HOOKED (Unknown @ 0xBA69A490)
     SSDT[204] : NtRestoreKey @ 0x806259B6 -> HOOKED (Unknown @ 0xBA69A44F)
     SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0xBA69A48B)
     SSDT[237] : NtSetSecurityObject @ 0x805C0636 -> HOOKED (Unknown @ 0xBA69A495)
     SSDT[247] : NtSetValueKey @ 0x80622548 -> HOOKED (Unknown @ 0xBA69A440)
     SSDT[255] : NtSystemDebugControl @ 0x80617FAA -> HOOKED (Unknown @ 0xBA69A49A)
     SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0xBA69A427)
     S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0xBA69A4AE)
     S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0xBA69A4B3)
     ¤¤¤ Infection : ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     127.0.0.1 localhost
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: WDC WD3200AAKS-00B3A0 +++++
     --- User ---
     [MBR] db5fd922ebef1d141ab55ae364ef7801
     [bSP] e24cb1d96bb0435339ae2e20363bf06b : Windows XP MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 131059 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!
     Finished : << RKreport[1].txt >>
     RKreport[1].txt
  6. Security Check 317 results

     Results of screen317's Security Check version 0.99.43
     Windows XP Service Pack 3 x86
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Security Center service is not running! This report may not be accurate!
     Avira Desktop Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.62.0.1300
     ````````Process Check: objlist.exe by Laurent````````
     Avira Antivir avgnt.exe
     Avira Antivir avguard.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 37% Defragment your hard drive soon!
     ````````````````````End of Log``````````````````````
  7. info.txt logfile of random's system information tool 1.09 2012-07-29 08:50:31 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Ask Toolbar-->MsiExec.exe /X{86D4B82A-ABED-442A-BE86-96357B70F4FE} Avira Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE Catalyst Control Center - Branding-->MsiExec.exe /I{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1} ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe" Hotfix for Windows XP (KB2633952)-->"C:\WINDOWS\$NtUninstallKB2633952$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Malwarebytes Anti-Malware version 1.62.0.1300-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Download Manager-->MsiExec.exe /X{654977DB-0001-0002-0001-EABD228DDE8B} Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} Orcs Must Die!-->"C:\Program Files\Steam\steam.exe" steam://uninstall/102600 Origin-->C:\Program Files\Origin\OriginUninstall.exe Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly Security Update for Microsoft Windows (KB2564958)-->"C:\WINDOWS\$NtUninstallKB2564958$\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe" Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player 
(KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe" Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe" Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe" Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe" Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe" Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe" Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe" Security Update for Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe" Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe" Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe" Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe" Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe" Security Update for Windows XP (KB2476490)-->"C:\WINDOWS\$NtUninstallKB2476490$\spuninst\spuninst.exe" Security Update for Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe" Security Update for Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe" Security Update for Windows XP (KB2479943)-->"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe" Security Update for Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe" Security Update for Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe" Security Update for Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe" Security Update for Windows XP (KB2507618)-->"C:\WINDOWS\$NtUninstallKB2507618$\spuninst\spuninst.exe" Security Update for Windows XP (KB2507938)-->"C:\WINDOWS\$NtUninstallKB2507938$\spuninst\spuninst.exe" Security Update for Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe" Security Update for Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe" Security Update for Windows XP (KB2510581)-->"C:\WINDOWS\$NtUninstallKB2510581$\spuninst\spuninst.exe" Security Update for Windows XP (KB2535512)-->"C:\WINDOWS\$NtUninstallKB2535512$\spuninst\spuninst.exe" Security Update for Windows XP (KB2536276-v2)-->"C:\WINDOWS\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB2544521)-->"C:\WINDOWS\$NtUninstallKB2544521$\spuninst\spuninst.exe" Security Update for Windows XP (KB2544893-v2)-->"C:\WINDOWS\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB2566454)-->"C:\WINDOWS\$NtUninstallKB2566454$\spuninst\spuninst.exe" Security Update for Windows XP (KB2570947)-->"C:\WINDOWS\$NtUninstallKB2570947$\spuninst\spuninst.exe" Security Update for Windows XP (KB2584146)-->"C:\WINDOWS\$NtUninstallKB2584146$\spuninst\spuninst.exe" Security Update for Windows XP (KB2585542)-->"C:\WINDOWS\$NtUninstallKB2585542$\spuninst\spuninst.exe" Security Update for Windows XP (KB2592799)-->"C:\WINDOWS\$NtUninstallKB2592799$\spuninst\spuninst.exe" Security Update for Windows XP (KB2598479)-->"C:\WINDOWS\$NtUninstallKB2598479$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB2603381)-->"C:\WINDOWS\$NtUninstallKB2603381$\spuninst\spuninst.exe" Security Update for Windows XP (KB2618451)-->"C:\WINDOWS\$NtUninstallKB2618451$\spuninst\spuninst.exe" Security Update for Windows XP (KB2619339)-->"C:\WINDOWS\$NtUninstallKB2619339$\spuninst\spuninst.exe" Security Update for Windows XP (KB2620712)-->"C:\WINDOWS\$NtUninstallKB2620712$\spuninst\spuninst.exe" Security Update for Windows XP (KB2624667)-->"C:\WINDOWS\$NtUninstallKB2624667$\spuninst\spuninst.exe" Security Update for Windows XP (KB2631813)-->"C:\WINDOWS\$NtUninstallKB2631813$\spuninst\spuninst.exe" Security Update for Windows XP (KB2646524)-->"C:\WINDOWS\$NtUninstallKB2646524$\spuninst\spuninst.exe" Security Update for Windows XP (KB2653956)-->"C:\WINDOWS\$NtUninstallKB2653956$\spuninst\spuninst.exe" Security Update for Windows XP (KB2655992)-->"C:\WINDOWS\$NtUninstallKB2655992$\spuninst\spuninst.exe" Security Update for Windows XP (KB2659262)-->"C:\WINDOWS\$NtUninstallKB2659262$\spuninst\spuninst.exe" Security Update for Windows XP (KB2661637)-->"C:\WINDOWS\$NtUninstallKB2661637$\spuninst\spuninst.exe" Security Update for Windows XP (KB2676562)-->"C:\WINDOWS\$NtUninstallKB2676562$\spuninst\spuninst.exe" Security Update for Windows XP (KB2685939)-->"C:\WINDOWS\$NtUninstallKB2685939$\spuninst\spuninst.exe" Security Update for Windows XP (KB2686509)-->"C:\WINDOWS\$NtUninstallKB2686509$\spuninst\spuninst.exe" Security Update for Windows XP (KB2691442)-->"C:\WINDOWS\$NtUninstallKB2691442$\spuninst\spuninst.exe" Security Update for Windows XP (KB2695962)-->"C:\WINDOWS\$NtUninstallKB2695962$\spuninst\spuninst.exe" Security Update for Windows XP (KB2698365)-->"C:\WINDOWS\$NtUninstallKB2698365$\spuninst\spuninst.exe" Security Update for Windows XP (KB2699988)-->"C:\WINDOWS\$NtUninstallKB2699988$\spuninst\spuninst.exe" Security Update for Windows XP (KB2707511)-->"C:\WINDOWS\$NtUninstallKB2707511$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB2718523)-->"C:\WINDOWS\$NtUninstallKB2718523$\spuninst\spuninst.exe" Security Update for Windows XP (KB2719985)-->"C:\WINDOWS\$NtUninstallKB2719985$\spuninst\spuninst.exe" Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe" Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe" Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe" Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe" Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe" Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe" Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe" Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe" Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe" Security 
Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe" Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe" Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe" Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe" Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe" Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe" Spec Ops: The Line-->"C:\Program Files\Steam\steam.exe" steam://uninstall/50300 SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x0009 -removeonly Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} Update for Windows Internet Explorer 8 (KB2598845)-->"C:\WINDOWS\ie8updates\KB2598845-IE8\spuninst\spuninst.exe" Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe" Update for Windows XP (KB2718704)-->"C:\WINDOWS\$NtUninstallKB2718704$\spuninst\spuninst.exe" Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe" Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Update for Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe" Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" ======Security center information====== AV: Avira Desktop ======System event log====== Computer Name: 
HARTMAN4FAMILY Event Code: 4226 Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. Record Number: 446 Source Name: Tcpip Time Written: 20120728115042.000000-240 Event Type: warning User: Computer Name: HARTMAN4FAMILY Event Code: 4226 Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. Record Number: 442 Source Name: Tcpip Time Written: 20120728111418.000000-240 Event Type: warning User: Computer Name: HARTMAN4FAMILY Event Code: 4226 Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. Record Number: 439 Source Name: Tcpip Time Written: 20120728105541.000000-240 Event Type: warning User: Computer Name: HARTMAN4FAMILY Event Code: 4226 Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. Record Number: 61 Source Name: Tcpip Time Written: 20120728084543.000000-240 Event Type: warning User: Computer Name: HARTMAN4FAMILY Event Code: 60055 Message: Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information. Record Number: 6 Source Name: Setup Time Written: 20120728081821.000000-240 Event Type: error User: =====Application event log===== Computer Name: HARTMAN4FAMILY Event Code: 5603 Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality. 
Record Number: 37 Source Name: WinMgmt Time Written: 20120728084350.000000-240 Event Type: warning User: NT AUTHORITY\SYSTEM Computer Name: HARTMAN4FAMILY Event Code: 5603 Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality. Record Number: 36 Source Name: WinMgmt Time Written: 20120728084350.000000-240 Event Type: warning User: NT AUTHORITY\SYSTEM Computer Name: HARTMAN4FAMILY Event Code: 63 Message: A provider, WMIProv, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Record Number: 24 Source Name: WinMgmt Time Written: 20120728083920.000000-240 Event Type: warning User: HARTMAN4FAMILY\Michael Computer Name: HARTMAN4FAMILY Event Code: 63 Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Record Number: 23 Source Name: WinMgmt Time Written: 20120728083920.000000-240 Event Type: warning User: HARTMAN4FAMILY\Michael Computer Name: HARTMAN4FAMILY Event Code: 4354 Message: The COM+ Event System failed to fire the StartShell method on subscription {A5978620-5B3F-F1D1-8ED2-00FA0035B753}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001. 
Record Number: 20 Source Name: EventSystem Time Written: 20120728082222.000000-240 Event Type: warning User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel "PROCESSOR_REVISION"=1706 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO -----------------EOF-----------------
  8. Thanks for the clarification - I will post results.

     Logfile of random's system information tool 1.09 (written by random/random)
     Run by Michael at 2012-07-29 08:50:21
     Microsoft Windows XP Professional Service Pack 3
     System drive C: has 106 GB (81%) free of 131 GB
     Total RAM: 2046 MB (66% free)

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 8:50:29 AM, on 7/29/2012
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\Program Files\Ask.com\Updater\Updater.exe
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
     C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
     C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
     C:\Program Files\Steam\Steam.exe
     C:\Program Files\Origin\Origin.exe
     C:\Program Files\Origin\OriginClientService.exe
     C:\WINDOWS\explorer.exe
     C:\WINDOWS\system32\NOTEPAD.EXE
     C:\WINDOWS\System32\svchost.exe
     C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\WINDOWS\system32\NOTEPAD.EXE
     C:\Documents and Settings\Michael\My Documents\Downloads\RSIT.exe
     C:\Program Files\trend micro\Michael.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} 
- C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343481156125
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 4886 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1563985344-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1563985344-839522115-1003UA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Avira SearchFree Toolbar plus Web Protection - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-20 1519824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Avira SearchFree Toolbar plus Web Protection - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-20 1519824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2012-06-20 1568976]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2012-05-02 348624]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-07-03 98304]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2012-06-06 20065936]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2010-11-03 84584]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2010-11-03 2815592]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2010-11-03 64104]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-28 116648]
"Steam"=C:\Program Files\Steam\Steam.exe [2012-07-28 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2012-07-04 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\steamapps\common\specops_theline\Binaries\Win32\SpecOpsTheLine.exe"="C:\Program Files\Steam\steamapps\common\specops_theline\Binaries\Win32\SpecOpsTheLine.exe:*:Enabled:Spec Ops: The Line"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\System32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-07-29 08:50:21 ----D---- C:\rsit
2012-07-29 08:50:21 ----D---- C:\Program Files\trend micro
2012-07-29 08:47:45 ----D---- C:\WINDOWS\ERDNT
2012-07-29 08:47:17 ----D---- C:\Program Files\ERUNT
2012-07-28 14:18:36 ----D---- C:\Documents and Settings\Michael\Application Data\SPORE
2012-07-28 14:18:27 ----RHD---- C:\Documents and Settings\Michael\Application Data\SecuROM
2012-07-28 14:18:26 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2012-07-28 08:15:44 ----A----
C:\WINDOWS\system32\mstinit.exe 2012-07-28 08:15:44 ----A---- C:\WINDOWS\system32\mstask.dll 2012-07-28 08:15:44 ----A---- C:\WINDOWS\system32\isign32.dll 2012-07-28 08:15:44 ----A---- C:\WINDOWS\system32\inetcfg.dll 2012-07-28 08:15:44 ----A---- C:\WINDOWS\system32\icwphbk.dll 2012-07-28 08:15:44 ----A---- C:\WINDOWS\system32\icwdial.dll 2012-07-28 08:15:44 ----A---- C:\WINDOWS\system32\icfgnt5.dll 2012-07-28 08:15:42 ----D---- C:\Program Files\Common Files\MSSoap 2012-07-28 08:15:39 ----D---- C:\Program Files\Common Files\System 2012-07-28 08:15:35 ----D---- C:\Program Files\Internet Explorer 2012-07-28 08:15:25 ----A---- C:\WINDOWS\system32\emptyregdb.dat 2012-07-28 08:15:17 ----D---- C:\Program Files\ComPlus Applications 2012-07-28 08:15:16 ----A---- C:\WINDOWS\vbaddin.ini 2012-07-28 08:15:16 ----A---- C:\WINDOWS\vb.ini 2012-07-28 08:15:13 ----D---- C:\WINDOWS\Registration 2012-07-28 08:15:08 ----HD---- C:\Program Files\WindowsUpdate 2012-07-28 08:15:08 ----D---- C:\Program Files\Online Services 2012-07-28 08:15:04 ----D---- C:\Program Files\Messenger 2012-07-28 08:14:53 ----D---- C:\Program Files\MSN 2012-07-28 08:14:44 ----D---- C:\Program Files\MSN Gaming Zone 2012-07-28 08:14:44 ----A---- C:\WINDOWS\system32\write.exe 2012-07-28 08:14:30 ----A---- C:\WINDOWS\system32\accwiz.exe 2012-07-28 08:14:29 ----A---- C:\WINDOWS\system32\sndvol32.exe 2012-07-28 08:14:29 ----A---- C:\WINDOWS\system32\sndrec32.exe 2012-07-28 08:14:29 ----A---- C:\WINDOWS\system32\mplay32.exe 2012-07-28 08:14:28 ----A---- C:\WINDOWS\system32\hypertrm.dll 2012-07-28 08:14:28 ----A---- C:\WINDOWS\system32\hticons.dll 2012-07-28 08:14:27 ----A---- C:\WINDOWS\system32\avwav.dll 2012-07-28 08:14:27 ----A---- C:\WINDOWS\system32\avtapi.dll 2012-07-28 08:14:27 ----A---- C:\WINDOWS\system32\avmeter.dll 2012-07-28 08:14:26 ----D---- C:\Program Files\Windows NT 2012-07-28 08:14:26 ----A---- C:\WINDOWS\system32\winchat.exe 2012-07-28 08:14:23 ----A---- C:\WINDOWS\system32\mspaint.exe 2012-07-28 
08:14:15 ----A---- C:\WINDOWS\system32\clipbrd.exe 2012-07-28 08:14:13 ----A---- C:\WINDOWS\system32\getuname.dll 2012-07-28 08:14:12 ----A---- C:\WINDOWS\system32\charmap.exe 2012-07-28 08:14:12 ----A---- C:\WINDOWS\system32\calc.exe 2012-07-28 08:14:11 ----A---- C:\WINDOWS\system32\winmine.exe 2012-07-28 08:14:11 ----A---- C:\WINDOWS\system32\spider.exe 2012-07-28 08:14:11 ----A---- C:\WINDOWS\system32\sol.exe 2012-07-28 08:14:10 ----A---- C:\WINDOWS\system32\mshearts.exe 2012-07-28 08:14:10 ----A---- C:\WINDOWS\system32\freecell.exe 2012-07-28 08:14:09 ----A---- C:\WINDOWS\system32\wuauserv.dll 2012-07-28 08:14:09 ----A---- C:\WINDOWS\system32\wuaueng.dll 2012-07-28 08:14:09 ----A---- C:\WINDOWS\system32\wuauclt.exe 2012-07-28 08:14:09 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys 2012-07-28 08:14:09 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys 2012-07-28 08:14:08 ----A---- C:\WINDOWS\system32\tscfgwmi.dll 2012-07-28 08:14:08 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys 2012-07-28 08:14:07 ----A---- C:\WINDOWS\system32\sessmgr.exe 2012-07-28 08:14:07 ----A---- C:\WINDOWS\system32\reset.exe 2012-07-28 08:14:07 ----A---- C:\WINDOWS\system32\remotepg.dll 2012-07-28 08:14:07 ----A---- C:\WINDOWS\system32\rdshost.exe 2012-07-28 08:14:07 ----A---- C:\WINDOWS\system32\rdsaddin.exe 2012-07-28 08:14:07 ----A---- C:\WINDOWS\system32\mstscax.dll 2012-07-28 08:14:07 ----A---- C:\WINDOWS\system32\mstsc.exe 2012-07-28 08:14:06 ----A---- C:\WINDOWS\system32\usrlogon.cmd 2012-07-28 08:14:06 ----A---- C:\WINDOWS\system32\tsshutdn.exe 2012-07-28 08:14:06 ----A---- C:\WINDOWS\system32\tslabels.ini 2012-07-28 08:14:06 ----A---- C:\WINDOWS\system32\tskill.exe 2012-07-28 08:14:06 ----A---- C:\WINDOWS\system32\tsdiscon.exe 2012-07-28 08:14:06 ----A---- C:\WINDOWS\system32\tscupgrd.exe 2012-07-28 08:14:06 ----A---- C:\WINDOWS\system32\tscon.exe 2012-07-28 08:14:06 ----A---- C:\WINDOWS\system32\termsrv.dll 2012-07-28 08:14:06 ----A---- C:\WINDOWS\system32\rdchost.dll 2012-07-28 
08:14:05 ----A---- C:\WINDOWS\system32\shadow.exe 2012-07-28 08:14:05 ----A---- C:\WINDOWS\system32\rwinsta.exe 2012-07-28 08:14:05 ----A---- C:\WINDOWS\system32\regini.exe 2012-07-28 08:14:05 ----A---- C:\WINDOWS\system32\rdpwsx.dll 2012-07-28 08:14:05 ----A---- C:\WINDOWS\system32\rdpsnd.dll 2012-07-28 08:14:05 ----A---- C:\WINDOWS\system32\rdpclip.exe 2012-07-28 08:14:05 ----A---- C:\WINDOWS\system32\rdpcfgex.dll 2012-07-28 08:14:05 ----A---- C:\WINDOWS\system32\qwinsta.exe 2012-07-28 08:14:05 ----A---- C:\WINDOWS\system32\qprocess.exe 2012-07-28 08:14:05 ----A---- C:\WINDOWS\system32\qappsrv.exe 2012-07-28 08:14:04 ----A---- C:\WINDOWS\system32\msg.exe 2012-07-28 08:14:04 ----A---- C:\WINDOWS\system32\logoff.exe 2012-07-28 08:14:04 ----A---- C:\WINDOWS\system32\icaapi.dll 2012-07-28 08:14:03 ----D---- C:\WINDOWS\system32\MsDtc 2012-07-28 08:14:03 ----A---- C:\WINDOWS\system32\msdtcuiu.dll 2012-07-28 08:14:03 ----A---- C:\WINDOWS\system32\cfgbkend.dll 2012-07-28 08:14:03 ----A---- C:\WINDOWS\system32\cdmodem.dll 2012-07-28 08:14:02 ----A---- C:\WINDOWS\system32\mtxoci.dll 2012-07-28 08:14:02 ----A---- C:\WINDOWS\system32\msdtcprx.dll 2012-07-28 08:14:01 ----A---- C:\WINDOWS\system32\xolehlp.dll 2012-07-28 08:14:01 ----A---- C:\WINDOWS\system32\msdtctm.dll 2012-07-28 08:14:01 ----A---- C:\WINDOWS\system32\msdtcprf.ini 2012-07-28 08:14:01 ----A---- C:\WINDOWS\system32\msdtclog.dll 2012-07-28 08:14:01 ----A---- C:\WINDOWS\system32\msdtc.exe 2012-07-28 08:13:58 ----A---- C:\WINDOWS\system32\mtxlegih.dll 2012-07-28 08:13:58 ----A---- C:\WINDOWS\system32\mtxex.dll 2012-07-28 08:13:58 ----A---- C:\WINDOWS\system32\mtxdm.dll 2012-07-28 08:13:58 ----A---- C:\WINDOWS\system32\dcomcnfg.exe 2012-07-28 08:13:57 ----D---- C:\WINDOWS\system32\Com 2012-07-28 08:13:57 ----A---- C:\WINDOWS\system32\comrepl.dll 2012-07-28 08:13:57 ----A---- C:\WINDOWS\system32\comaddin.dll 2012-07-28 08:13:57 ----A---- C:\WINDOWS\system32\colbact.dll 2012-07-28 08:13:56 ----A---- 
C:\WINDOWS\system32\stclient.dll 2012-07-28 08:13:56 ----A---- C:\WINDOWS\system32\clbcatex.dll 2012-07-28 08:13:56 ----A---- C:\WINDOWS\system32\catsrvps.dll 2012-07-28 08:13:55 ----A---- C:\WINDOWS\system32\comsvcs.dll 2012-07-28 08:13:55 ----A---- C:\WINDOWS\system32\catsrvut.dll 2012-07-28 08:13:55 ----A---- C:\WINDOWS\system32\catsrv.dll 2012-07-28 08:13:54 ----A---- C:\WINDOWS\system32\comuid.dll 2012-07-28 08:13:54 ----A---- C:\WINDOWS\system32\comsnap.dll 2012-07-28 08:13:54 ----A---- C:\WINDOWS\system32\clbcatq.dll 2012-07-28 08:13:39 ----A---- C:\WINDOWS\system32\wmimgmt.msc 2012-07-28 08:13:39 ----A---- C:\WINDOWS\system32\servdeps.dll 2012-07-28 08:13:38 ----A---- C:\WINDOWS\system32\mmfutil.dll 2012-07-28 08:13:38 ----A---- C:\WINDOWS\system32\licwmi.dll 2012-07-28 08:13:38 ----A---- C:\WINDOWS\system32\cmprops.dll 2012-07-28 08:13:25 ----A---- C:\WINDOWS\system32\drivers\termdd.sys 2012-07-28 08:13:25 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys 2012-07-28 04:12:13 ----A---- C:\WINDOWS\system32\h323log.txt 2012-07-28 04:09:52 ----A---- C:\WINDOWS\system32\drivers\audstub.sys 2012-07-28 04:09:44 ----A---- C:\WINDOWS\system32\hidserv.dll 2012-07-28 04:09:30 ----A---- C:\WINDOWS\system32\drivers\redbook.sys 2012-07-28 04:09:11 ----A---- C:\WINDOWS\system32\drivers\rtl8139.sys 2012-07-28 04:08:51 ----A---- C:\WINDOWS\system32\usbui.dll 2012-07-28 04:08:50 ----A---- C:\WINDOWS\system32\drivers\wmiacpi.sys 2012-07-28 04:08:20 ----A---- C:\WINDOWS\imsins.BAK 2012-07-28 04:08:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2012-07-28 04:08:17 ----D---- C:\Program Files\Common Files\ODBC 2012-07-28 04:08:17 ----A---- C:\WINDOWS\ODBCINST.INI 2012-07-28 04:08:13 ----D---- C:\Program Files\Common Files\SpeechEngines 2012-07-28 04:08:12 ----RD---- C:\Program Files 2012-07-28 04:08:12 ----D---- C:\Program Files\Common Files\Microsoft Shared 2012-07-28 04:08:12 ----D---- C:\Program Files\Common Files 2012-07-28 04:08:08 ----RA---- 
C:\WINDOWS\system32\kbdtuq.dll 2012-07-28 04:08:08 ----RA---- C:\WINDOWS\system32\kbdtuf.dll 2012-07-28 04:08:08 ----RA---- C:\WINDOWS\system32\kbdazel.dll 2012-07-28 04:08:04 ----RA---- C:\WINDOWS\system32\kbdycc.dll 2012-07-28 04:08:04 ----RA---- C:\WINDOWS\system32\kbduzb.dll 2012-07-28 04:08:04 ----RA---- C:\WINDOWS\system32\kbdur.dll 2012-07-28 04:08:04 ----RA---- C:\WINDOWS\system32\kbdtat.dll 2012-07-28 04:08:04 ----RA---- C:\WINDOWS\system32\kbdru1.dll 2012-07-28 04:08:04 ----RA---- C:\WINDOWS\system32\kbdru.dll 2012-07-28 04:08:04 ----RA---- C:\WINDOWS\system32\kbdmon.dll 2012-07-28 04:08:04 ----RA---- C:\WINDOWS\system32\kbdkyr.dll 2012-07-28 04:08:04 ----RA---- C:\WINDOWS\system32\kbdkaz.dll 2012-07-28 04:08:04 ----RA---- C:\WINDOWS\system32\kbdaze.dll 2012-07-28 04:08:03 ----RA---- C:\WINDOWS\system32\kbdbu.dll 2012-07-28 04:08:03 ----RA---- C:\WINDOWS\system32\kbdblr.dll 2012-07-28 04:07:59 ----RA---- C:\WINDOWS\system32\kbdhept.dll 2012-07-28 04:07:59 ----RA---- C:\WINDOWS\system32\kbdhela3.dll 2012-07-28 04:07:59 ----RA---- C:\WINDOWS\system32\kbdhela2.dll 2012-07-28 04:07:59 ----RA---- C:\WINDOWS\system32\kbdhe319.dll 2012-07-28 04:07:59 ----RA---- C:\WINDOWS\system32\kbdhe220.dll 2012-07-28 04:07:59 ----RA---- C:\WINDOWS\system32\kbdhe.dll 2012-07-28 04:07:59 ----RA---- C:\WINDOWS\system32\kbdgkl.dll 2012-07-28 04:07:56 ----RA---- C:\WINDOWS\system32\kbdlt1.dll 2012-07-28 04:07:56 ----RA---- C:\WINDOWS\system32\kbdlt.dll 2012-07-28 04:07:55 ----RA---- C:\WINDOWS\system32\kbdlv1.dll 2012-07-28 04:07:55 ----RA---- C:\WINDOWS\system32\kbdlv.dll 2012-07-28 04:07:55 ----RA---- C:\WINDOWS\system32\kbdest.dll 2012-07-28 04:07:51 ----RA---- C:\WINDOWS\system32\kbdycl.dll 2012-07-28 04:07:51 ----RA---- C:\WINDOWS\system32\kbdsl1.dll 2012-07-28 04:07:51 ----RA---- C:\WINDOWS\system32\kbdsl.dll 2012-07-28 04:07:51 ----RA---- C:\WINDOWS\system32\kbdro.dll 2012-07-28 04:07:51 ----RA---- C:\WINDOWS\system32\kbdpl1.dll 2012-07-28 04:07:51 ----RA---- 
C:\WINDOWS\system32\kbdpl.dll 2012-07-28 04:07:51 ----RA---- C:\WINDOWS\system32\kbdhu1.dll 2012-07-28 04:07:51 ----RA---- C:\WINDOWS\system32\kbdhu.dll 2012-07-28 04:07:51 ----RA---- C:\WINDOWS\system32\kbdcz2.dll 2012-07-28 04:07:51 ----RA---- C:\WINDOWS\system32\kbdcz1.dll 2012-07-28 04:07:51 ----RA---- C:\WINDOWS\system32\kbdcz.dll 2012-07-28 04:07:51 ----RA---- C:\WINDOWS\system32\kbdcr.dll 2012-07-28 04:07:51 ----RA---- C:\WINDOWS\system32\KBDAL.DLL 2012-07-28 04:07:47 ----A---- C:\WINDOWS\system32\irclass.dll 2012-07-28 04:07:47 ----A---- C:\WINDOWS\system32\drivers\irenum.sys 2012-07-28 04:07:47 ----A---- C:\WINDOWS\system32\dgsetup.dll 2012-07-28 04:07:47 ----A---- C:\WINDOWS\system32\dgrpsetu.dll 2012-07-28 04:07:46 ----A---- C:\WINDOWS\system32\spxcoins.dll 2012-07-28 04:07:46 ----A---- C:\WINDOWS\system32\EqnClass.Dll 2012-07-28 04:07:45 ----A---- C:\WINDOWS\system32\batt.dll 2012-07-28 04:07:41 ----A---- C:\WINDOWS\TASKMAN.EXE 2012-07-28 04:07:41 ----A---- C:\WINDOWS\notepad.exe 2012-07-28 04:07:40 ----N---- C:\WINDOWS\system32\CONFIG.TMP 2012-07-28 04:07:39 ----A---- C:\WINDOWS\system32\storprop.dll 2012-07-28 04:07:35 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini 2012-07-28 04:07:32 ----RA---- C:\WINDOWS\SET7.tmp 2012-07-28 04:07:29 ----RA---- C:\WINDOWS\SET3.tmp 2012-07-28 04:07:21 ----D---- C:\WINDOWS\system32\CatRoot2 2012-07-28 04:07:21 ----D---- C:\WINDOWS\system32\CatRoot 2012-07-28 04:07:16 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2012-07-28 04:00:55 ----A---- C:\WINDOWS\setuplog.txt 2012-07-28 04:00:52 ----D---- C:\Documents and Settings 2012-07-28 04:00:51 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT 2012-07-28 03:59:37 ----RASH---- C:\boot.ini 2012-07-28 03:56:52 ----RSHDC---- C:\WINDOWS\system32\dllcache 2012-07-28 03:56:52 ----RSD---- C:\WINDOWS\Fonts 2012-07-28 03:56:52 ----RD---- C:\WINDOWS\Web 2012-07-28 03:56:52 ----HD---- C:\WINDOWS\inf 2012-07-28 03:56:52 ----D---- 
C:\WINDOWS\WinSxS 2012-07-28 03:56:52 ----D---- C:\WINDOWS\twain_32 2012-07-28 03:56:52 ----D---- C:\WINDOWS\Temp 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\wins 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\wbem 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\usmt 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\spool 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\ShellExt 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\Setup 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\ras 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\oobe 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\npp 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\mui 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\inetsrv 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\IME 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\icsxml 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\ias 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\export 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\drivers\etc 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\drivers\disdn 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\drivers 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\dhcp 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\config 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\3com_dmi 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\3076 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\2052 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\1054 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\1042 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\1041 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\1037 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\1033 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\1031 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\1028 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32\1025 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system32 2012-07-28 03:56:52 ----D---- C:\WINDOWS\system 2012-07-28 03:56:52 ----D---- C:\WINDOWS\security 
2012-07-28 03:56:52 ----D---- C:\WINDOWS\Resources 2012-07-28 03:56:52 ----D---- C:\WINDOWS\repair 2012-07-28 03:56:52 ----D---- C:\WINDOWS\mui 2012-07-28 03:56:52 ----D---- C:\WINDOWS\msapps 2012-07-28 03:56:52 ----D---- C:\WINDOWS\msagent 2012-07-28 03:56:52 ----D---- C:\WINDOWS\Media 2012-07-28 03:56:52 ----D---- C:\WINDOWS\java 2012-07-28 03:56:52 ----D---- C:\WINDOWS\ime 2012-07-28 03:56:52 ----D---- C:\WINDOWS\Help 2012-07-28 03:56:52 ----D---- C:\WINDOWS\Driver Cache 2012-07-28 03:56:52 ----D---- C:\WINDOWS\Debug 2012-07-28 03:56:52 ----D---- C:\WINDOWS\Cursors 2012-07-28 03:56:52 ----D---- C:\WINDOWS\Connection Wizard 2012-07-28 03:56:52 ----D---- C:\WINDOWS\Config 2012-07-28 03:56:52 ----D---- C:\WINDOWS\AppPatch 2012-07-28 03:56:52 ----D---- C:\WINDOWS\addins 2012-07-28 03:56:52 ----D---- C:\WINDOWS 2012-07-28 03:56:52 ----ASH---- C:\pagefile.sys ======List of files/folders modified in the last 1 month====== 2012-07-28 08:39:30 ----A---- C:\WINDOWS\win.ini 2012-07-28 08:37:54 ----RASH---- C:\NTDETECT.COM 2012-07-28 08:17:09 ----ASH---- C:\WINDOWS\fonts\desktop.ini 2012-07-28 04:08:12 ----A---- C:\WINDOWS\system.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-04-27 137928] R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2012-04-16 36000] R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520] R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-14 8832] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2012-04-25 83392] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2012-07-04 7874560] R3 AtiHDAudioService;ATI Function Driver for HD Audio 
Service; C:\WINDOWS\system32\drivers\AtihdXP3.sys [2012-05-14 103040] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2012-06-19 6141584] R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160] R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128] R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480] S3 mbr;mbr; \??\C:\DOCUME~1\Michael\LOCALS~1\Temp\mbr.sys [] S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224] R2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2012-05-02 110032] R2 AntiVirWebService;Avira Web Protection; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-02 465360] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2012-07-04 643072] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-03-16 407336] 
-----------------EOF-----------------
  9. OK - i wiped out the hard drive and re-installed XP. I did install Steam and Origin my gaming platforms. I again appreciate your help and let me know if you find anything. Here is the DDS file:
  10. Sorry - I have been out of town on biz. I gave up on trying to resolve the issue and am going to upgrade to MS 7. When I do the install, will it clear off any malware? Also - I have backed up all of my work on a portable hard drive; how do I remove malware/viruses on it? Thanks in advance for your help.
  11. Hello - the computer is crashing on me now and I am getting a blue screen.
  12. I just reinstalled Firefox and when I opened it, it immediately crashed? Not sure what is happening.
  13. Thanks again Maurice for your help. The computer is running much better. I noticed that DNA was running on start-up so I figured out to delete it from the computer. ComboFix log 7_22_12.txt
  14. Second part of ComboFix report:
Pre-Run: 39,629,840,384 bytes free Post-Run: 39,865,618,432 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn . - - End Of File - - 2C7965A835FDA91B1677D46CB14D9957
  15. Hello - below is the ComboFix report. I had to send it in 2 separate posts because of its length. . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128] "Steam"="c:\program files\steam\steam.exe" [2012-07-22 1242448] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-30 39408] "BitTorrent DNA"="c:\program files\DNA\btdna .exe" [2009-11-13 323392] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2007-09-11 16844800] "MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896] "Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416] "Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736] "Tt eSPORTS BLACK Gaming Mouse"="c:\program files\Thermaltake\Tt eSPORTS BLACK\Black.exe" [2011-01-06 13346600] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-02 348624] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-05-24 98304] "ISTray"="c:\program files\Spyware 
Doctor\pctsTray.exe" [N/A] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152] "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888] "SunJavaUpdateSched"="c:\program files\Java\jre7\bin\jusched.exe" [N/A] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\USArmy\\America's Army 3\\Binaries\\AA3Game.exe"= "c:\\Documents and Settings\\Mike\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= "c:\\Program Files\\DNA\\btdna .exe"= "c:\\Program Files\\Steam\\Steam.exe"= "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\BFBC2Game.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"= "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"= 
"c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\borderlands\\Binaries\\Borderlands.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\orcs must die!\\Build\\release\\OrcsMustDie.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\dead island\\DeadIslandGame.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\red orchestra 2\\Binaries\\Win32\\ROGame.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\Just Cause 2\\JustCause2.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\BioShock 2\\SP\\Builds\\Binaries\\Bioshock2Launcher.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\BioShock 2\\MP\\Builds\\Binaries\\Bioshock2Launcher.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\portal 2\\portal2.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\dungeon defenders\\Binaries\\Win32\\DungeonDefenders.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\specops_theline\\Binaries\\Win32\\SpecOpsTheLine.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\bin\\SDKLauncher.exe"=
  16. Hello - I just ran ComboFix and it is preparing log report and is just hanging. I believe it isn't completing the report because the red shield has the balloon above it saying "your computer may be at risk, your antivirus .............Click this balloon". Any ideas on how I should proceed?
  17. FYI - I am now getting the Windows Security Alert red shield in the bottom tray which I believe is a fake?
  18. Here is the report from Roguekiller: RogueKiller V7.6.4 [07/17/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo...13-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User: Mike [Admin rights] Mode: Scan -- Date: 07/22/2012 07:11:19 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ [Faked.Drv][FAKED] ati2mtag.sys : c:\windows\system32\drivers\ati2mtag.sys --> CANNOT FIX [Faked.Drv][FAKED] Hdaudio.sys : c:\windows\system32\drivers\Hdaudio.sys --> CANNOT FIX [Faked.Drv][FAKED] rndismpx.sys : c:\windows\system32\drivers\rndismpx.sys --> CANNOT FIX [Faked.Drv][FAKED] RtkHDAud.sys : c:\windows\system32\drivers\RtkHDAud.sys --> CANNOT FIX ¤¤¤ Driver: [LOADED] ¤¤¤ SSDT[25] : NtClose @ 0x805BC538 -> HOOKED (Unknown @ 0xBA6DB1D4) SSDT[41] : NtCreateKey @ 0x80623FD6 -> HOOKED (Unknown @ 0xBA6DB18E) SSDT[50] : NtCreateSection @ 0x805AB3D0 -> HOOKED (Unknown @ 0xBA6DB1DE) SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0xBA6DB184) SSDT[63] : NtDeleteKey @ 0x80624472 -> HOOKED (Unknown @ 0xBA6DB193) SSDT[65] : NtDeleteValueKey @ 0x80624642 -> HOOKED (Unknown @ 0xBA6DB19D) SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0xBA6DB1CF) SSDT[98] : NtLoadKey @ 0x806261FA -> HOOKED (Unknown @ 0xBA6DB1A2) SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0xBA6DB170) SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0xBA6DB175) SSDT[177] : NtQueryValueKey @ 0x806221FA -> HOOKED (Unknown @ 0xBA6DB1F7) SSDT[193] : NtReplaceKey @ 0x806260AA -> HOOKED (Unknown @ 0xBA6DB1AC) SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D7E -> HOOKED (Unknown @ 0xBA6DB1E8) SSDT[204] : NtRestoreKey @ 0x806259B6 -> HOOKED (Unknown @ 0xBA6DB1A7) SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0xBA6DB1E3) SSDT[237] : NtSetSecurityObject @ 0x805C0636 -> HOOKED (Unknown @ 0xBA6DB1ED) 
SSDT[247] : NtSetValueKey @ 0x80622548 -> HOOKED (Unknown @ 0xBA6DB198) SSDT[255] : NtSystemDebugControl @ 0x80617FAA -> HOOKED (Unknown @ 0xBA6DB1F2) SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0xBA6DB17F) S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0xBA6DB206) S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0xBA6DB20B) ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD3200AAKS-00B3A0 +++++ --- User --- [MBR] d3c1cb009894692c1feccc2ba5620442 [bSP] 77c86a332690e0fe94a4cc5d83d97c0a : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[4].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
  19. Hello and thanks again for your help. 1. Something is up with DNA - I removed it from Control Panel - add/remove programs but I still see it in my program files and I tried deleting it and got an error saying that Cannot delete BTNA access is denied. 2. I removed MS Security Essentials 3. Getting RK Report after I log off