CaseyJ000

Honorary Members
  • Posts

    91

Everything posted by CaseyJ000

  1. Seems to be good. It's running Zbrush and that's the most important thing. So soon I delete OTL and turn off Defogger?
  2. Now I'm just getting these 2 errors and warnings in Event Viewer. The AEGIS Protocol (IEEE 802.1x) v2.3.1.9 service failed to start due to the following error: The system cannot find the file specified. The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service is no longer synchronized and cannot provide the time to other clients or update the system clock. Monitor the system events displayed in the Event Viewer to make sure that a more serious problem does not exist.
  3. It says: [SC] DeleteService SUCCESS. That sounds good, right?
  4. Kahdah said "The DS1410D service failed to start due to the following error: The system cannot find the file specified. ( this seems to be a printer error I see from the internet) This error can be fixed instructions are here: http://support.citri...ticle/CTX106399 " link says: 1. Delete/rename the following files: DS1410D.SYS and IB10E32.DLL. This will disable any parallel port operation. 2. Backup and remove the DS1410D registry key located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services I've included Screengrabs of what my registry looks like I can't find DS1410D.SYS in drive C only in old Drive H. I can't find the IB10E32.DLL How should I proceed? I'm not sure from how my registry looks what to do to what key. I see this webpage on how to edit the registry: http://support.microsoft.com/kb/136393 Thanks! DS1410D_002.zip
  5. kahdah said "Old wireless software is the cause of this error : \SystemRoot\SysWow64\DRIVERS\mdc8021x.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Have you ever had any wireless software installed?" I wonder if I hit a wrong preference when I set up my router years ago. I don't use wireless. So I need to remove whatever this driver is. Do I just delete it?
  6. {These are all from last night, {6-15-11} I ran the Disk check again and installed Java updates and Windows updates including Windows Malicious software removal update. I uninstalled Lavasoft because since yesterday it was putting up update screens which didn't do anything. I had installed the Defogger previously}

     \SystemRoot\SysWow64\DRIVERS\mdc8021x.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
     The DS1410D service failed to start due to the following error: The system cannot find the file specified. (this seems to be a printer error I see from the internet)
     The AEGIS Protocol (IEEE 802.1x) v2.3.1.9 service failed to start due to the following error: This driver has been blocked from loading
     The Lavasoft helper driver service failed to start due to the following error: A device attached to the system is not functioning.
     Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
     The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. (I did use the Defogger)
     The DS1410D service failed to start due to the following error: The system cannot find the file specified.
     \SystemRoot\SysWow64\DRIVERS\mdc8021x.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

     6-14-11
     The AEGIS Protocol (IEEE 802.1x) v2.3.1.9 service failed to start due to the following error: This driver has been blocked from loading
     The IPSec driver has entered Secure mode. IPSec policies, if they have been configured, are now being applied to this computer.

     6-12-11
     The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:
     The device, \Device\Harddisk0\DR0, has a bad block.
     {I got a bunch of these Bad Blocks and followed by C is corrupt I got this right after I made one of the logs. I didn't run the disk check immediately, but did it when you asked me which was soon after}

     6-11 {I saw these Windows delayed write popups on this day which made me think the malware had gotten into my computer}
     The system failed to flush data to the transaction log. Corruption may occur.
     Application popup: Windows - Delayed Write Failed : Windows was unable to save all the data for the file \Device\HarddiskVolume3\$Mft. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

     6-10-11 (got about 30 of these at 9:04PM)
     The device, \Device\Harddisk0\DR0, has a bad block.

     6-9-11 {I got a whole stream of disk errors after returning from a trip about 30 of these between 6:42 and 6:43}
     An error was detected on device \Device\Harddisk1\DR3 during a paging operation.

     5-31-11 {got a bunch of these, they seem to have subsided now}
     Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.
     {I have a bunch of IP error also around 5-31-11 when we left on our trip and my wife's machine was infected, I've added some XXX to the IPs}
     Your computer has automatically configured the IP address for the Network Card with network address 00188B1EXXX. The IP address being used is 169.254.193.XXX.
     Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00188B1E7XXX. The following error occurred: The semaphore timeout period has expired. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
     The name "HOME :1d" could not be registered on the Interface with IP address 169.254.193.XXX. The machine with the IP address 169.254.74.XX did not allow the name to be claimed by this machine.
     Your computer has automatically configured the IP address for the Network Card with network address 00188B1E7EFB. The IP address being used is 169.254.193.XXX.

     5-24-11 (there are periodic errors like this which seem to have subsided)
     The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service is no longer synchronized and cannot provide the time to other clients or update the system clock. Monitor the system events displayed in the Event Viewer to make sure that a more serious problem does not exist.
  7. When the Disk Check started it gave a message Deleting corrupt Attribute record (128,$bad)from file record seg 8 I had to leave and didn't see the full Disk Check and restart
  8. Here are the OTL Files. Thanks!! OTL.zip
  9. Please then delete the following 2 files if present: ~18407204r ~18407204 (yes they were there and I deleted them.) Here's the Outlook Express story: However suddenly after working temporarily, Outlook Express, won't start, first giving error Ox800cO12E5, then "please compact folders", which doesn't work. Then "MSOE.dll won't initialize." (I suspect there was a problem which occurred when I emptied the quarantine file in Super Anti Spyware.) I looked up all these errors on the internet and didn't get a solution.
  10. I just want to see if I can restore the Outlook Express on this machine. The initial basic startup errors didn't come up just now. I have the program that analyzes whether your system can upgrade to Windows 7. So now that the system seems more clean I can try it out. Any thoughts on how to do checks on my other system that is Windows XP 64 bit? Thanks!!!!!!!! OTL.zip
  11. Malwarebytes' Anti-Malware 1.51.0.1200
      www.malwarebytes.org

      Database version: 6841
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      6/12/2011 9:53:46 AM
      mbam-log-2011-06-12 (09-53-46).txt

      Scan type: Quick scan
      Objects scanned: 157348
      Time elapsed: 4 minute(s), 50 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)

      ESETscan.txt
      E:\Backup\backup5_15_11\Local Disk (C)\Documents and Settings\Frances\Local Settings\Temp\jar_cache5081035465487671878.tmp a variant of Java/TrojanDownloader.OpenStream.NCE trojan deleted - quarantined
  12. I have a Windows XP 64 bit computer. "dds.scr" isn't supported, (it runs on Windows 7 64 bit though.) GMER ran but with many of the checkboxes greyed out. It gave a message "there was no system modifications" but didn't produce any logs. I have the Full version of Malwarebytes and have another thread going about my wife's computer which was infected with the Windows XP Anti-Virus malware. I wanted to check my computer as I've pulled things back and forth on USB sticks between the 2 computers. Here's the Malwarebytes logs including the protection logs. One of the Protection logs says that there is no IP protection. I don't know if that is because I have run Defogger, or that I was running the GMER scan.

      mbam-log-2011-06-11 (20-56-46).txt

      Malwarebytes' Anti-Malware 1.50.1.1100
      www.malwarebytes.org

      Database version: 6837
      Windows 5.2.3790 Service Pack 2
      Internet Explorer 8.0.6001.18702

      6/11/2011 8:56:46 PM
      mbam-log-2011-06-11 (20-56-46).txt

      Scan type: Full scan (C:\|F:\|)
      Objects scanned: 347786
      Time elapsed: 1 hour(s), 33 minute(s), 21 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)

      protection-log-2011-06-11.txt
      16:01:57 Administrator MESSAGE Scheduled update executed successfully
      16:02:05 Administrator MESSAGE Database updated successfully

      protection-log-2011-06-12.txt
      04:58:26 Administrator MESSAGE Protection started successfully
      04:58:30 Administrator ERROR IP protection failed: PfMakeLog failed with error code 122
  13. Here are the scans for my wife's computer. I'm thinking I'll probably have to do my own computer also as I've had to bring things back and forth on a USB stick previous to today when the initial infection occurred to my wife's computer. They're connected by Router also. I'm running a Malwarebytes scan on my own computer now. Then I guess I'll do the defogger, and GMER Rootkit scan to start. Thanks! ComboFix.zip
  14. Thanks for the quick response. I thought I might get an email notification, but I refreshed the page and found your response. Here's the .txt files, they look suspicious. I'm posting them as an attachment, I'm getting a "too long" error posting them on here, and I don't want to post them one at a time. Extras.zip
  15. My wife got the XP Anti-Virus 2011 malware. We used your Malwarebytes Anti Malware. Followed that with Super Anti Spyware. We have Windows XP, of course. We bought the full version of Malwarebytes. System restore fails. However suddenly after working temporarily, Outlook Express, won't start, first giving error Ox800cO12E5, then "please compact folders", which doesn't work. Then "MSOE.dll won't initialize." (I suspect there was a problem which occurred when I emptied the quarantine file in Super Anti Spyware.) I looked up all these errors on the internet and didn't get a solution. I'm getting startup errors also, but those were happening before. I ran the two anti Virus programs again, Uninstalled Internet Explorer, and Outlook express, Installed Internet explorer 8, and backed up, and deleted all the .dbx files on C. Nothing worked. I'm considering upgrading to Windows 7, but I'm not sure if there is an ongoing Virus problem. We're still getting some virus redirects very occasionally. I backed up the data on the C drive manually to an external drive when the virus attack happened because the Virus sends messages that your hard drive is being emptied. Later I scanned the external drive and found the same Virus entries as the C drive and deleted them. One of them was in the Adobe folder. I've read a large amount of your forums and we do have a hard wired router. I'm wondering if registry identities are gone, but I'm not sure. We also have a large amount of System Restore checkpoints which aren't doing anything so the virus may be in there too. I only get "Administrator" and my wife's name to log in on in Safe Mode. These options used to always come up in regular reboots. We haven't been getting redirects, and the full version of Malwarebytes is catching bad websites. I suspect I will have to reinstall the operating system which is Windows XP Service Pack 3. I've read some info on creating a disk to do this on the internet but it sounds risky. We're also willing to upgrade to Windows 7 but are not sure the computer can handle it. Here are the requested logs. We've also started to get a "protection-log" from the full version of Malwarebytes so I'm attaching that also.

      Malwarebytes' Anti-Malware 1.51.0.1200
      www.malwarebytes.org

      Database version: 6822
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      6/10/2011 9:51:38 AM
      mbam-log-2011-06-10 (09-51-38).txt

      Scan type: Full scan (C:\|)
      Objects scanned: 289080
      Time elapsed: 1 hour(s), 44 minute(s), 15 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)

      dds.txt

      DDS (Ver_2011-06-11.01) - NTFSx86
      Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
      Run by Frances at 20:51:55 on 2011-06-10
      Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.498 [GMT -7:00]
      AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
      FW: ESET Personal firewall *Enabled*
      attach.zip