
Possible Rootkit?



OTL Again

[2012/01/01 19:58:30 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\utildll.dll

[2012/01/01 19:58:30 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vga64k.dll

[2012/01/01 19:58:29 | 001,298,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TMM.dll

[2012/01/01 19:58:29 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tracerpt.exe

[2012/01/01 19:58:29 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\verifier.dll

[2012/01/01 19:58:29 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsbas.dll

[2012/01/01 19:58:29 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\verifier.exe

[2012/01/01 19:58:29 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TpmInit.exe

[2012/01/01 19:58:29 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vfwwdm32.dll

[2012/01/01 19:58:29 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmredir.dll

[2012/01/01 19:58:29 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vds_ps.dll

[2012/01/01 19:58:29 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsldr.exe

[2012/01/01 19:58:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsddd.dll

[2012/01/01 19:58:26 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termmgr.dll

[2012/01/01 19:58:26 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TimeDateMUICallback.dll

[2012/01/01 19:58:25 | 002,588,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIHub.dll

[2012/01/01 19:58:25 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umb.dll

[2012/01/01 19:58:24 | 000,736,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unbcl.dll

[2012/01/01 19:58:24 | 000,201,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattend.dll

[2012/01/01 19:58:24 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\txflog.dll

[2012/01/01 19:58:24 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ucsvc.exe

[2012/01/01 19:58:24 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe

[2012/01/01 19:58:24 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattendedjoin.exe

[2012/01/01 19:58:24 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\txfw32.dll

[2012/01/01 19:58:23 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ufat.dll

[2012/01/01 19:58:23 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uexfat.dll

[2012/01/01 18:59:52 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll

[2012/01/01 18:55:12 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll

[2012/01/01 18:52:35 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll

[2012/01/01 18:52:34 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll

[2012/01/01 18:52:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll

[2012/01/01 18:52:33 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll

[2012/01/01 18:52:33 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll

[2012/01/01 18:51:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll

[2012/01/01 18:51:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll

[2012/01/01 18:48:28 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe

[2012/01/01 18:48:27 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe

[2012/01/01 18:48:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll

[2012/01/01 18:48:26 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL

[2012/01/01 18:39:07 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll

[2012/01/01 18:39:07 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll

[2012/01/01 18:23:55 | 001,793,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll

[2012/01/01 18:23:54 | 001,808,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll

[2012/01/01 18:23:54 | 001,558,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll

[2012/01/01 18:23:54 | 001,411,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll

[2012/01/01 18:23:54 | 001,236,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll

[2012/01/01 18:23:53 | 005,499,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll

[2012/01/01 18:23:53 | 002,136,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll

[2012/01/01 18:23:53 | 001,782,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll

[2012/01/01 18:23:52 | 007,964,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll

[2012/01/01 18:23:52 | 005,791,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll

[2012/01/01 18:23:51 | 006,224,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll

[2012/01/01 18:23:51 | 004,175,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll

[2012/01/01 18:23:50 | 002,466,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll

[2012/01/01 18:23:49 | 004,981,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll

[2012/01/01 18:23:49 | 003,331,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll

[2012/01/01 18:23:48 | 011,722,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll

[2012/01/01 18:23:48 | 006,781,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll

[2012/01/01 18:23:47 | 004,164,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll

[2012/01/01 18:23:47 | 001,452,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll

[2012/01/01 18:23:45 | 004,093,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll

[2012/01/01 18:23:45 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll

[2012/01/01 18:23:45 | 001,702,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll

[2012/01/01 18:23:44 | 004,045,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll

[2012/01/01 18:23:44 | 001,972,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll

[2012/01/01 18:23:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll

[2012/01/01 18:23:43 | 006,014,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll

[2012/01/01 18:23:42 | 006,585,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll

[2012/01/01 18:23:41 | 006,346,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll

[2012/01/01 18:23:40 | 009,892,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll

[2012/01/01 18:23:40 | 006,237,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll

[2012/01/01 18:23:40 | 001,722,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll

[2012/01/01 18:23:39 | 005,654,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll

[2012/01/01 18:23:39 | 004,616,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll

[2012/01/01 18:23:38 | 005,090,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll

[2012/01/01 18:23:38 | 005,031,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll

[2012/01/01 18:23:37 | 007,042,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll

[2012/01/01 18:23:37 | 005,071,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll

[2012/01/01 18:23:36 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll

[2012/01/01 18:23:36 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll

[2012/01/01 18:23:35 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll

[2012/01/01 18:23:35 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll

[2012/01/01 18:23:34 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll

[2012/01/01 18:23:34 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll

[2012/01/01 18:23:34 | 001,801,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll

[2012/01/01 18:23:33 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll

[2012/01/01 18:23:33 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll

[2012/01/01 18:23:33 | 001,801,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll

[2012/01/01 18:23:32 | 004,495,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll

[2012/01/01 18:23:32 | 001,966,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll

[2012/01/01 18:23:31 | 003,466,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll

[2012/01/01 18:23:31 | 002,657,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll

[2012/01/01 18:23:31 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll

[2012/01/01 18:23:30 | 004,497,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll

[2012/01/01 18:23:30 | 001,523,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll

[2012/01/01 18:23:29 | 002,599,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll

[2012/01/01 18:23:29 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll

[2012/01/01 18:23:29 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll

[2012/01/01 18:23:28 | 004,875,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll

[2012/01/01 18:23:28 | 002,243,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll

[2012/01/01 18:23:27 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll

[2012/01/01 18:23:27 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll

[2012/01/01 18:23:27 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll

[2012/01/01 18:23:26 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll

[2012/01/01 18:23:26 | 001,801,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll

[2012/01/01 18:23:25 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll

[2012/01/01 18:23:25 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll

[2012/01/01 18:23:25 | 001,801,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll

[2012/01/01 18:23:24 | 004,495,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll

[2012/01/01 18:23:23 | 009,847,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll

[2012/01/01 18:23:23 | 002,643,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll

[2012/01/01 18:23:23 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll

[2012/01/01 18:23:22 | 004,495,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll

[2012/01/01 18:23:22 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll

[2012/01/01 18:23:21 | 004,495,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll

[2012/01/01 18:23:21 | 004,495,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll

[2012/01/01 18:23:20 | 006,917,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll

[2012/01/01 18:23:20 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll

[2012/01/01 18:23:19 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll

[2012/01/01 18:18:20 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll

[2012/01/01 17:34:10 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll

[2012/01/01 17:27:27 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll

[2012/01/01 17:24:09 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll

[2012/01/01 17:14:53 | 000,035,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys

[2012/01/01 17:00:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2012/01/01 16:59:18 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl

[2012/01/01 16:56:10 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hcrstco.dll

[2012/01/01 16:56:10 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hccoin.dll

[2012/01/01 16:52:48 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\Microsoft Help

[2012/01/01 16:48:21 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe

[2012/01/01 16:48:21 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe

[2012/01/01 16:48:21 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll

[2012/01/01 16:48:21 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll

[2012/01/01 16:48:21 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll

[2012/01/01 16:48:20 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe

[2012/01/01 16:48:20 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe

[2012/01/01 16:48:20 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll

[2012/01/01 16:48:20 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll

[2012/01/01 16:46:02 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe

[2012/01/01 16:46:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll

[2012/01/01 16:46:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx

[2012/01/01 16:46:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll

[2012/01/01 16:05:10 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll

[2012/01/01 16:05:10 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll

[2012/01/01 16:05:09 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll

[2012/01/01 16:04:13 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL

[2012/01/01 15:57:49 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll

[2012/01/01 15:57:49 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE

[2012/01/01 15:57:49 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE

[2012/01/01 15:57:49 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE

[2012/01/01 15:57:49 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE

[2012/01/01 15:57:49 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe

[2012/01/01 15:57:49 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE

[2012/01/01 15:51:35 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb

[2012/01/01 15:51:35 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb

[2012/01/01 15:50:27 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm

[2012/01/01 15:50:27 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm

[2012/01/01 15:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2012/01/01 15:30:12 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

[2012/01/01 15:25:57 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2011/12/28 12:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}

[2011/12/28 12:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites

[2011/12/28 12:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics

[2011/12/28 12:03:59 | 000,737,280 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athr.sys

[2011/12/28 12:03:59 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros

[2011/12/28 12:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros

[2011/12/28 12:03:07 | 000,269,096 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RTKVADDA.EXE

[2011/12/28 12:02:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM

[2011/12/28 12:02:19 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll

[2011/12/28 12:02:17 | 004,669,440 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

[2011/12/28 12:02:17 | 002,048,000 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll

[2011/12/28 12:02:17 | 001,191,936 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe

[2011/12/28 12:02:17 | 000,563,712 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll

[2011/12/28 12:02:17 | 000,532,480 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl

[2011/12/28 12:02:17 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll

[2011/12/28 12:02:17 | 000,266,240 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll

[2011/12/28 12:02:17 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll

[2011/12/28 12:02:17 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll

[2011/12/28 12:02:17 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll

[2011/12/28 12:02:17 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\maxxaudioapo.dll

[2011/12/28 12:02:17 | 000,017,408 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll

[2011/12/28 12:02:04 | 000,520,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll

[2011/12/28 12:02:04 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe

[2011/12/28 12:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2011/12/28 11:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies

[2011/12/28 11:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Install Manager

[2011/12/28 11:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\ATI

[2011/12/28 11:56:47 | 000,007,680 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\AtiPcie.sys

[2011/12/28 11:51:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

[2011/12/28 11:51:26 | 000,031,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll

[2011/12/28 11:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

[2011/12/28 11:50:28 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2011/12/28 11:50:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2011/12/28 11:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2011/12/28 11:47:36 | 000,000,000 | R--D | C] -- C:\MSOCache

[2011/12/28 11:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2011/12/28 11:46:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works

[2011/12/28 11:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works

[2011/12/28 11:44:39 | 000,000,000 | ---D | C] -- C:\WORKSSETUP

[2011/12/28 11:38:23 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2011/12/28 11:35:25 | 000,000,000 | -HSD | C] -- C:\System Volume Information

[2011/12/28 09:18:51 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\ATI

[2011/12/28 09:18:51 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\ATI

[2011/12/28 09:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2011/12/28 09:18:47 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\Toshiba

[2011/12/28 09:18:43 | 000,000,000 | ---D | C] -- C:\Users\Mary\Documents\My Google Gadgets

[2011/12/28 09:18:39 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\Google

[2011/12/28 09:18:14 | 000,000,000 | R--D | C] -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2011/12/28 09:18:14 | 000,000,000 | R--D | C] -- C:\Users\Mary\Searches

[2011/12/28 09:18:14 | 000,000,000 | R--D | C] -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2011/12/28 09:18:04 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Identities

[2011/12/28 09:18:01 | 000,000,000 | R--D | C] -- C:\Users\Mary\Contacts

[2011/12/28 09:17:44 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\VirtualStore

[2011/12/28 09:17:36 | 000,000,000 | --SD | C] -- C:\Users\Mary\AppData\Roaming\Microsoft

[2011/12/28 09:17:36 | 000,000,000 | R--D | C] -- C:\Users\Mary\Videos

[2011/12/28 09:17:36 | 000,000,000 | R--D | C] -- C:\Users\Mary\Saved Games

[2011/12/28 09:17:36 | 000,000,000 | R--D | C] -- C:\Users\Mary\Pictures

[2011/12/28 09:17:36 | 000,000,000 | R--D | C] -- C:\Users\Mary\Music

[2011/12/28 09:17:36 | 000,000,000 | R--D | C] -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2011/12/28 09:17:36 | 000,000,000 | R--D | C] -- C:\Users\Mary\Links

[2011/12/28 09:17:36 | 000,000,000 | R--D | C] -- C:\Users\Mary\Favorites

[2011/12/28 09:17:36 | 000,000,000 | R--D | C] -- C:\Users\Mary\Downloads

[2011/12/28 09:17:36 | 000,000,000 | R--D | C] -- C:\Users\Mary\Documents

[2011/12/28 09:17:36 | 000,000,000 | R--D | C] -- C:\Users\Mary\Desktop

[2011/12/28 09:17:36 | 000,000,000 | R--D | C] -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2011/12/28 09:17:36 | 000,000,000 | -HSD | C] -- C:\Users\Mary\AppData\Local\Temporary Internet Files

[2011/12/28 09:17:36 | 000,000,000 | -HSD | C] -- C:\Users\Mary\Templates

[2011/12/28 09:17:36 | 000,000,000 | -HSD | C] -- C:\Users\Mary\Start Menu

[2011/12/28 09:17:36 | 000,000,000 | -HSD | C] -- C:\Users\Mary\SendTo

[2011/12/28 09:17:36 | 000,000,000 | -HSD | C] -- C:\Users\Mary\Recent

[2011/12/28 09:17:36 | 000,000,000 | -HSD | C] -- C:\Users\Mary\PrintHood

[2011/12/28 09:17:36 | 000,000,000 | -HSD | C] -- C:\Users\Mary\NetHood

[2011/12/28 09:17:36 | 000,000,000 | -HSD | C] -- C:\Users\Mary\Documents\My Videos

[2011/12/28 09:17:36 | 000,000,000 | -HSD | C] -- C:\Users\Mary\Documents\My Pictures

[2011/12/28 09:17:36 | 000,000,000 | -HSD | C] -- C:\Users\Mary\Documents\My Music

[2011/12/28 09:17:36 | 000,000,000 | -HSD | C] -- C:\Users\Mary\My Documents

[2011/12/28 09:17:36 | 000,000,000 | -HSD | C] -- C:\Users\Mary\Local Settings

[2011/12/28 09:17:36 | 000,000,000 | -HSD | C] -- C:\Users\Mary\AppData\Local\History

[2011/12/28 09:17:36 | 000,000,000 | -HSD | C] -- C:\Users\Mary\Cookies

[2011/12/28 09:17:36 | 000,000,000 | -HSD | C] -- C:\Users\Mary\Application Data

[2011/12/28 09:17:36 | 000,000,000 | -HSD | C] -- C:\Users\Mary\AppData\Local\Application Data

[2011/12/28 09:17:36 | 000,000,000 | -H-D | C] -- C:\Users\Mary\AppData

[2011/12/28 09:17:36 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\Microsoft

[2011/12/28 09:17:36 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Media Center Programs

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/10 20:56:20 | 000,879,683 | ---- | M] () -- C:\Users\Mary\Desktop\SecurityCheck.exe

[2012/01/10 20:53:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe

[2012/01/10 19:39:10 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/01/10 19:39:10 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/01/10 19:32:10 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/01/10 19:32:10 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/01/10 19:31:09 | 000,326,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/01/10 19:31:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/01/10 19:30:22 | 2011,217,920 | -HS- | M] () -- C:\hiberfil.sys

[2012/01/10 19:27:59 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf

[2012/01/10 18:57:35 | 000,000,512 | ---- | M] () -- C:\Users\Mary\Desktop\MBR.dat

[2012/01/10 18:54:38 | 001,972,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mary\Desktop\tdsskiller.exe

[2012/01/10 18:53:00 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Mary\Desktop\aswMBR.exe

[2012/01/10 18:51:45 | 000,000,924 | ---- | M] () -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2012/01/10 18:51:26 | 000,000,744 | ---- | M] () -- C:\Users\Mary\Desktop\NTREGOPT.lnk

[2012/01/10 18:51:26 | 000,000,725 | ---- | M] () -- C:\Users\Mary\Desktop\ERUNT.lnk

[2012/01/02 09:17:05 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2012/01/02 09:17:05 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2012/01/02 09:17:05 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2012/01/02 09:17:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2012/01/02 09:00:05 | 000,000,680 | ---- | M] () -- C:\Users\Mary\AppData\Local\d3d9caps.dat

[2012/01/02 08:47:00 | 000,000,954 | ---- | M] () -- C:\Users\Mary\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/01/02 08:41:33 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat

[2012/01/02 08:41:33 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat

[2012/01/02 08:41:22 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2012/01/02 08:41:21 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2012/01/02 08:41:21 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2012/01/02 08:41:21 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2012/01/02 08:41:21 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012/01/02 08:41:21 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2012/01/02 08:41:20 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2012/01/02 08:41:20 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2012/01/02 08:41:20 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2012/01/02 08:41:20 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012/01/02 08:41:20 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2012/01/02 08:41:19 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2012/01/02 08:41:19 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012/01/02 08:41:19 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2012/01/02 08:41:19 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2012/01/02 08:41:19 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012/01/02 08:41:19 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2012/01/02 08:41:19 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2012/01/02 08:41:19 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

[2012/01/02 08:41:19 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2012/01/02 08:41:19 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2012/01/02 08:41:18 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2012/01/02 08:41:18 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2012/01/02 08:41:18 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2012/01/02 08:41:18 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2012/01/02 08:41:17 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012/01/02 08:41:17 | 001,798,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2012/01/02 08:41:17 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2012/01/02 08:41:17 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll

[2012/01/02 08:41:17 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2012/01/02 08:41:17 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2012/01/02 08:41:17 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll

[2012/01/02 08:41:17 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2012/01/02 08:41:17 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2012/01/02 08:41:15 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2012/01/02 08:41:15 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2012/01/02 08:41:15 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2012/01/02 08:41:14 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll

[2012/01/02 08:39:31 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll

[2012/01/02 08:39:31 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll

[2012/01/02 08:39:31 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll

[2012/01/02 08:39:31 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll

[2012/01/02 08:39:31 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll

[2012/01/02 08:39:31 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll

[2012/01/02 08:39:30 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll

[2012/01/02 08:39:24 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll

[2012/01/02 08:39:23 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

[2012/01/02 08:39:23 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll

[2012/01/02 08:39:22 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll

[2012/01/02 08:39:22 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll

[2012/01/02 08:39:22 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll

[2012/01/02 08:39:22 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll

[2012/01/02 08:39:22 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll

[2012/01/02 08:39:22 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

[2012/01/02 08:39:21 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll

[2012/01/02 08:39:21 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe

[2012/01/02 08:39:21 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll

[2012/01/02 08:39:21 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll

[2012/01/02 08:39:20 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll

[2012/01/02 08:35:05 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\dxgkrnl.sys.mui

[2012/01/02 08:35:03 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll

[2012/01/02 08:35:03 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll

[2012/01/02 08:35:03 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe

[2012/01/02 08:35:03 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll

[2012/01/02 08:35:02 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll

[2012/01/02 08:35:02 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll

[2012/01/02 07:55:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

[2012/01/01 20:31:21 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll

[2012/01/01 20:31:09 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll

[2012/01/01 20:23:19 | 000,196,608 | ---- | M] () -- C:\Windows\SPInstall.etl

[2012/01/01 18:59:52 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll

[2012/01/01 18:55:12 | 000,272,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll

[2012/01/01 18:52:35 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll

[2012/01/01 18:52:34 | 002,501,921 | ---- | M] () -- C:\Windows\System32\wlan.tmf

[2012/01/01 18:52:34 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll

[2012/01/01 18:52:34 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll

[2012/01/01 18:52:33 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll

[2012/01/01 18:52:33 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll

[2012/01/01 18:52:30 | 000,015,181 | ---- | M] () -- C:\Windows\System32\gatherWirelessInfo.vbs

[2012/01/01 18:51:25 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll

[2012/01/01 18:51:24 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll

[2012/01/01 18:48:28 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe

[2012/01/01 18:48:27 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe

[2012/01/01 18:48:27 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll

[2012/01/01 18:48:26 | 002,386,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL

[2012/01/01 18:39:07 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll

[2012/01/01 18:39:07 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll

[2012/01/01 18:23:55 | 001,793,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll

[2012/01/01 18:23:54 | 001,808,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll

[2012/01/01 18:23:54 | 001,558,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll

[2012/01/01 18:23:54 | 001,411,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll

[2012/01/01 18:23:54 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll

[2012/01/01 18:23:53 | 005,499,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll

[2012/01/01 18:23:53 | 002,136,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll

[2012/01/01 18:23:53 | 001,782,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll

[2012/01/01 18:23:52 | 007,964,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll

[2012/01/01 18:23:52 | 005,791,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll

[2012/01/01 18:23:51 | 006,224,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll

[2012/01/01 18:23:51 | 004,175,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll

[2012/01/01 18:23:51 | 002,466,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll

[2012/01/01 18:23:50 | 004,981,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll

[2012/01/01 18:23:49 | 006,781,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll

[2012/01/01 18:23:49 | 003,331,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll

[2012/01/01 18:23:48 | 011,722,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll

[2012/01/01 18:23:47 | 004,164,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll

[2012/01/01 18:23:47 | 001,452,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll

[2012/01/01 18:23:45 | 004,093,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll

[2012/01/01 18:23:45 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll

[2012/01/01 18:23:45 | 001,702,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll

[2012/01/01 18:23:44 | 006,014,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll

[2012/01/01 18:23:44 | 004,045,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll

[2012/01/01 18:23:44 | 001,972,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll

[2012/01/01 18:23:44 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll

[2012/01/01 18:23:43 | 006,585,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll

[2012/01/01 18:23:42 | 006,346,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll

[2012/01/01 18:23:41 | 009,892,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll

[2012/01/01 18:23:40 | 006,237,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll

[2012/01/01 18:23:40 | 001,722,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll

[2012/01/01 18:23:39 | 005,654,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll

[2012/01/01 18:23:39 | 005,090,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll

[2012/01/01 18:23:39 | 004,616,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll

[2012/01/01 18:23:38 | 007,042,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll

[2012/01/01 18:23:38 | 005,031,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll

[2012/01/01 18:23:37 | 005,071,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll

[2012/01/01 18:23:36 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll

[2012/01/01 18:23:36 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll

[2012/01/01 18:23:36 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll

[2012/01/01 18:23:35 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll

[2012/01/01 18:23:34 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll

[2012/01/01 18:23:34 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll

[2012/01/01 18:23:34 | 001,801,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll

[2012/01/01 18:23:33 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll

[2012/01/01 18:23:33 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll

[2012/01/01 18:23:33 | 001,801,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll

[2012/01/01 18:23:32 | 004,495,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll

[2012/01/01 18:23:32 | 002,657,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll

[2012/01/01 18:23:32 | 001,966,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll

[2012/01/01 18:23:31 | 003,466,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll

[2012/01/01 18:23:31 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll

[2012/01/01 18:23:30 | 004,497,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll

[2012/01/01 18:23:30 | 002,599,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll

[2012/01/01 18:23:30 | 001,523,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll

[2012/01/01 18:23:29 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll

[2012/01/01 18:23:29 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll

[2012/01/01 18:23:28 | 004,875,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll

[2012/01/01 18:23:28 | 002,243,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll

[2012/01/01 18:23:27 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll

[2012/01/01 18:23:27 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll

[2012/01/01 18:23:27 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll

[2012/01/01 18:23:26 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll

[2012/01/01 18:23:26 | 001,801,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll

[2012/01/01 18:23:26 | 001,801,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll

[2012/01/01 18:23:25 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll

[2012/01/01 18:23:25 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll

[2012/01/01 18:23:24 | 009,847,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll

[2012/01/01 18:23:24 | 004,495,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll

[2012/01/01 18:23:23 | 002,643,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll

[2012/01/01 18:23:23 | 002,342,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll

[2012/01/01 18:23:22 | 004,495,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll

[2012/01/01 18:23:22 | 004,495,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll

[2012/01/01 18:23:22 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll

[2012/01/01 18:23:21 | 004,495,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll

[2012/01/01 18:23:20 | 006,917,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll

[2012/01/01 18:23:20 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll

[2012/01/01 18:23:20 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll

[2012/01/01 18:18:20 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll

[2012/01/01 18:04:35 | 031,326,208 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl

[2012/01/01 18:04:35 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf

[2012/01/01 18:04:35 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx

[2012/01/01 17:34:10 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll

[2012/01/01 17:27:27 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll

[2012/01/01 17:24:09 | 000,355,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll

[2012/01/01 17:15:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf

[2012/01/01 17:15:18 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

[2012/01/01 17:14:53 | 000,035,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys

[2012/01/01 17:14:53 | 000,000,003 | ---- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf

[2012/01/01 17:03:21 | 000,001,820 | ---- | M] () -- C:\Windows\System32\rasctrnm.h

[2012/01/01 17:00:18 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/01/01 16:59:18 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl

[2012/01/01 16:48:21 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll

[2012/01/01 16:48:21 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe

[2012/01/01 16:48:21 | 000,346,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe

[2012/01/01 16:48:21 | 000,332,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll

[2012/01/01 16:48:21 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll

[2012/01/01 16:48:21 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll

[2012/01/01 16:48:20 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe

[2012/01/01 16:48:20 | 000,518,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe

[2012/01/01 16:48:20 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll

[2012/01/01 16:46:02 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe

[2012/01/01 16:46:01 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll

[2012/01/01 16:46:00 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx

[2012/01/01 16:05:10 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll

[2012/01/01 16:05:10 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll

[2012/01/01 16:04:13 | 000,604,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL

[2012/01/01 15:30:13 | 000,001,028 | ---- | M] () -- C:\Users\Mary\Desktop\Revo Uninstaller.lnk

[2012/01/01 15:25:57 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012/01/01 14:53:25 | 000,000,067 | ---- | M] () -- C:\Windows\swupdate.INI

[2011/12/28 12:06:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf

[2011/12/28 12:02:21 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll

[2011/12/28 12:02:04 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe

[2011/12/19 10:17:00 | 000,302,592 | ---- | M] () -- C:\Users\Mary\Desktop\5ny4vkgv.exe

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]


Final OTL

========== Files Created - No Company Name ==========

[2012/01/10 20:56:20 | 000,879,683 | ---- | C] () -- C:\Users\Mary\Desktop\SecurityCheck.exe

[2012/01/10 19:27:59 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf

[2012/01/10 18:51:45 | 000,000,924 | ---- | C] () -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2012/01/10 18:51:26 | 000,000,744 | ---- | C] () -- C:\Users\Mary\Desktop\NTREGOPT.lnk

[2012/01/10 18:51:26 | 000,000,725 | ---- | C] () -- C:\Users\Mary\Desktop\ERUNT.lnk

[2012/01/10 18:35:52 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs

[2012/01/10 18:35:52 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml

[2012/01/10 18:35:52 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl

[2012/01/02 09:00:04 | 000,000,680 | ---- | C] () -- C:\Users\Mary\AppData\Local\d3d9caps.dat

[2012/01/02 08:41:19 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2012/01/02 07:55:00 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

[2012/01/02 07:20:10 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf

[2012/01/02 07:20:05 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml

[2012/01/02 07:20:05 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml

[2012/01/02 07:19:47 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf

[2012/01/02 07:19:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2012/01/02 07:19:40 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf

[2012/01/02 07:18:40 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex

[2012/01/02 07:18:33 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF

[2012/01/02 07:18:13 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2012/01/02 07:18:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2012/01/02 07:18:06 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs

[2012/01/02 07:18:03 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man

[2012/01/02 07:17:54 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd

[2012/01/01 20:00:36 | 000,145,455 | ---- | C] () -- C:\Windows\System32\perfmon.msc

[2012/01/01 19:59:24 | 000,144,909 | ---- | C] () -- C:\Windows\System32\fsmgmt.msc

[2012/01/01 19:59:20 | 000,012,198 | ---- | C] () -- C:\Windows\System32\gatherWiredInfo.vbs

[2012/01/01 19:52:31 | 000,196,608 | ---- | C] () -- C:\Windows\SPInstall.etl

[2012/01/01 18:52:34 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf

[2012/01/01 18:52:30 | 000,015,181 | ---- | C] () -- C:\Windows\System32\gatherWirelessInfo.vbs

[2012/01/01 17:55:29 | 031,326,208 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl

[2012/01/01 17:55:29 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf

[2012/01/01 17:55:29 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx

[2012/01/01 17:15:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf

[2012/01/01 17:15:18 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

[2012/01/01 17:14:53 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf

[2012/01/01 17:03:21 | 000,001,820 | ---- | C] () -- C:\Windows\System32\rasctrnm.h

[2012/01/01 17:00:18 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif

[2012/01/01 17:00:05 | 000,001,779 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012/01/01 15:30:13 | 000,001,028 | ---- | C] () -- C:\Users\Mary\Desktop\Revo Uninstaller.lnk

[2012/01/01 14:53:22 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI

[2011/12/28 12:06:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf

[2011/12/28 12:03:59 | 000,089,991 | ---- | C] () -- C:\Windows\System32\netathr.inf

[2011/12/28 12:03:59 | 000,030,578 | ---- | C] () -- C:\Windows\System32\athrext.cat

[2011/12/28 12:02:18 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat

[2011/12/28 12:02:18 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat

[2011/12/28 12:02:18 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat

[2011/12/28 11:47:05 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk

[2011/12/28 11:46:44 | 000,000,987 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk

[2011/12/28 09:18:16 | 000,000,960 | ---- | C] () -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2011/12/28 09:18:13 | 000,000,955 | ---- | C] () -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

[2011/12/28 09:18:00 | 000,000,926 | ---- | C] () -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk

[2011/12/28 09:17:36 | 000,000,258 | ---- | C] () -- C:\Users\Mary\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2011/12/28 09:17:36 | 000,000,240 | ---- | C] () -- C:\Users\Mary\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

[2007/08/16 17:56:19 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2007/08/16 14:28:39 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

[2007/07/14 01:52:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2007/07/14 01:29:00 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat

[2007/02/20 19:39:10 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2007/01/03 08:34:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2007/01/03 08:34:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2007/01/03 08:34:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2007/01/03 08:34:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2007/01/03 08:34:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2007/01/03 05:47:50 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys

[2006/12/05 15:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll

[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 07:47:37 | 000,326,088 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 05:33:01 | 000,595,684 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 05:33:01 | 000,101,350 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2005/07/22 23:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2012/01/02 08:59:16 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\TOSHIBA

[2012/01/02 08:55:51 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\WinBatch

[2012/01/10 19:29:02 | 000,020,228 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


Extras

OTL Extras logfile created on: 1/10/2012 8:56:49 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mary\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 48.79% Memory free

3.99 Gb Paging File | 2.99 Gb Available in Paging File | 74.94% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 147.58 Gb Total Space | 105.94 Gb Free Space | 71.78% Space Free | Partition Type: NTFS

Computer Name: MARY-PC | User Name: Mary | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{32A194E1-F3FE-4D8A-9B27-14F59CBD3D7E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{C49EB975-B66D-49A2-AE4D-A8DC1F20A0A2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{004AFB1B-202C-4CE9-2F0A-AC2C254B7474}" = Catalyst Control Center Core Implementation

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{0F8BA4A0-40C2-5EDD-208E-44F9D99AF66A}" = ccc-utility

"{12396D22-A3C5-BE0E-4BE9-40925B547124}" = Catalyst Control Center Localization French

"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver

"{12B0D089-0C76-1138-BF98-AA3764B95B3C}" = Catalyst Control Center Graphics Previews Vista

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{1B9E9846-F9F9-108F-7101-3F04C1ECF7F4}" = CCC Help Norwegian

"{22543949-70E8-45D0-A938-F38143EB8BF8}" = Catalyst Control Center - Branding

"{25E3424B-E50A-A739-E7BC-28D51257EB3D}" = Catalyst Control Center Localization Japanese

"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java 6 Update 30

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program

"{2B81D384-C464-A647-E0BC-2F0B0A259101}" = CCC Help Polish

"{2D9720C9-68DC-E26F-556C-0E187F7F75B5}" = Skins

"{2DBD54E4-60FF-5C22-8A4F-07CE91D4BCA9}" = CCC Help Czech

"{306583FF-1018-9418-5165-4323FE79297E}" = ccc-core-static

"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6

"{40ACD261-6346-22D6-9E35-7A0AF351A5A0}" = CCC Help Chinese Traditional

"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager

"{462D573C-5652-07A8-81BB-A6F06A8DF6D6}" = CCC Help Thai

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{518CFBF4-6D36-3BD6-1261-4BB2E7B66592}" = Catalyst Control Center Localization Norwegian

"{5334052F-BCE7-09B0-760A-C07C0C95165A}" = CCC Help Chinese Standard

"{5452824A-9D54-D448-7D83-A9F06BC82B08}" = Catalyst Control Center Localization Dutch

"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client

"{57B461F1-B9A6-A755-D44D-35B30265F55B}" = Catalyst Control Center Localization Turkish

"{5B0DEC51-454B-7A22-1344-C0667D7EE297}" = Catalyst Control Center Localization Hungarian

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{68076F84-541F-A160-CA5A-5D495BC2774A}" = Catalyst Control Center Graphics Light

"{6F7A4C02-81A3-52CC-F146-BF341B6B6F66}" = CCC Help Italian

"{7000D045-5626-577C-37D7-4340CBDBF1F5}" = CCC Help German

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{73265757-21E0-F0B4-BA10-AE041A4D0A66}" = CCC Help Swedish

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77523838-39A6-CE90-A73B-83B78852D0BA}" = CCC Help French

"{77ABDB01-BB12-6C05-1FC7-1D000DD01BF2}" = CCC Help Portuguese

"{7D7FFF01-953A-DC52-F32A-043C7EA9DA8A}" = Catalyst Control Center Graphics Full Existing

"{84610568-58EC-B9C7-604B-F336384CD41C}" = Catalyst Control Center Localization German

"{87D3F51A-BB3B-6780-F5BD-B68085D7243E}" = Catalyst Control Center Localization Chinese Traditional

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A6B3ADA-8F72-ECEB-AD49-7DD1B2FDEAEA}" = Catalyst Control Center Localization Czech

"{8B119FA0-443D-992E-F390-0372263B4634}" = Catalyst Control Center Localization Polish

"{8F6497B5-8570-F8F5-0BC3-4EB466DF348C}" = Catalyst Control Center Graphics Full New

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90C8F4D6-8479-C80D-9BD1-2EBAF6BF71E6}" = CCC Help Finnish

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer

"{A56F5DFC-AB11-EE35-DBEC-DA491E31EB45}" = Catalyst Control Center Localization Italian

"{A6A8B5E4-60FE-EAAB-3A17-425979599B5D}" = Catalyst Control Center Localization Spanish

"{A7ED90ED-0FCF-1477-59C5-DEAFBF600A05}" = CCC Help Hungarian

"{AB1DC37B-800F-7DBD-ADC7-1F39F77B6139}" = Catalyst Control Center Localization Thai

"{B038E6F8-412A-87C2-D629-130748480DB6}" = Catalyst Control Center Localization Portuguese

"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser

"{B7C328ED-447B-4881-A404-5778E3CD0BE4}" = CCC Help Dutch

"{C121A2E8-0487-5CDD-7D2F-6F1E894ED570}" = CCC Help Japanese

"{C4C5B527-1EB2-642C-A2A0-E3010F2B1ACC}" = CCC Help Korean

"{C4DDCEFB-BB7A-0743-9E0B-FA8F2FB9CD85}" = Catalyst Control Center Localization Russian

"{C7CDD6EC-2144-4AA3-AEC8-4E4BE596A382}" = Catalyst Control Center Localization Swedish

"{C7D2A2C1-48A3-9DC3-A2EB-EF3C8EF4E1F0}" = CCC Help Turkish

"{C8650C9A-F3DC-77F7-D162-AE15407A3F12}" = Catalyst Control Center Localization Chinese Standard

"{C941DC8B-7DEE-B47D-233D-9921B74808E5}" = CCC Help Russian

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba

"{CF844630-B4B6-FD54-A983-D9CF69EE47D3}" = Catalyst Control Center Localization Greek

"{D7B3C832-1DEA-7F3A-1BF3-FE3661248DDC}" = Catalyst Control Center Localization Danish

"{D947631B-933E-5F26-AB61-24EA0BF6BCD6}" = Catalyst Control Center Localization Korean

"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI

"{E2DC4C9A-43CF-8F23-8EEA-2D0C76C96A2D}" = CCC Help Greek

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E7FB56B1-F318-0AEF-8696-7C715219B190}" = Catalyst Control Center Localization Finnish

"{EA8B703F-43F2-9BC9-CE76-BB0E527F3DA6}" = CCC Help English

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F648E1F9-3835-46EA-44A6-0A7F13FB75D3}" = CCC Help Spanish

"{FBEDF075-637E-8C96-9B2C-13B1B0F43F4C}" = CCC Help Danish

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"ERUNT_is1" = ERUNT 1.1j

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Security Client" = Microsoft Security Essentials

"Revo Uninstaller" = Revo Uninstaller 1.93

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 1/4/2007 9:23:58 AM | Computer Name = Mary-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

Error - 1/4/2007 9:23:58 AM | Computer Name = Mary-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

Error - 1/4/2007 9:24:01 AM | Computer Name = Mary-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

Error - 1/4/2007 9:24:01 AM | Computer Name = Mary-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

Error - 1/4/2007 9:24:02 AM | Computer Name = Mary-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

Error - 1/4/2007 9:24:02 AM | Computer Name = Mary-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

Error - 1/4/2007 9:24:02 AM | Computer Name = Mary-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

Error - 1/4/2007 9:24:02 AM | Computer Name = Mary-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

Error - 1/4/2007 9:24:02 AM | Computer Name = Mary-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

Error - 1/4/2007 9:24:02 AM | Computer Name = Mary-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

[ System Events ]

Error - 1/1/2012 8:45:52 PM | Computer Name = Mary-PC | Source = Microsoft-Windows-Servicing | ID = 4385

Description =

Error - 1/1/2012 8:45:52 PM | Computer Name = Mary-PC | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

Error - 1/1/2012 8:45:52 PM | Computer Name = Mary-PC | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

Error - 1/1/2012 8:45:52 PM | Computer Name = Mary-PC | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

Error - 1/1/2012 8:45:52 PM | Computer Name = Mary-PC | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

Error - 1/1/2012 8:45:52 PM | Computer Name = Mary-PC | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

Error - 1/1/2012 8:45:52 PM | Computer Name = Mary-PC | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

Error - 1/1/2012 8:45:52 PM | Computer Name = Mary-PC | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

Error - 1/1/2012 8:45:52 PM | Computer Name = Mary-PC | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

Error - 1/1/2012 8:54:52 PM | Computer Name = Mary-PC | Source = DCOM | ID = 10010

Description =

< End of report >


Checkup

Results of screen317's Security Check version 0.99.30

Windows Vista Service Pack 2 x86 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Microsoft Security Essentials

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Java 6 Update 30

Java SE Runtime Environment 6

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

``````````End of Log````````````


I'm not (as of this evening anyhow) seeing what the suspect(s) are causing your original complaint.

Have you or anyone else run "fixes" before I started to assist you? If so, what tools ?

Do no further fixes without checking with me first. It is important that you follow guidance and do no other on your own.

Q: Is this your description that you put in earlier ?

TDSS Log--Fix not enabled only Fix mbr

Q: Inquire with your son to find out what is on that USB flash drive, and let me know.

I'd like to have you run a report from HijackThis. If you have a prior version of it, delete the Hijackthis.exe

Download and SAVE HijackThis

Save the HJT to your desktop or the folder of your choice, then navigate to that folder and RIGHT-click Hijackthis.exe to start it.

Do a "Scan and Save log".

Reply with a copy of the HJT log. Do NOT do any fixes in HijackThis. Close it when you are done.

and just provide a general description of how your system is.

BTW, that is an outstanding report from Security Check. All up-to-date. Kudos.


I'm not (as of this evening anyhow) seeing what the suspect(s) are causing your original complaint.

Have you or anyone else run "fixes" before I started to assist you? If so, what tools ?

I did a complete system restore and after doing that couldn't get online. I ran combofix in desperation.

Do no further fixes without checking with me first. It is important that you follow guidance and do no other on your own.

Q: Is this your description that you put in earlier ? YES.

Q: Inquire with your son to find out what is on that USB flash drive, and let me know. Gameboy emulators? and school work.

I'd like to have you run a report from HijackThis. If you have a prior version of it, delete the Hijackthis.exe

Download and SAVE HijackThis

Save the HJT to your desktop or the folder of your choice, then navigate to that folder and RIGHT-click Hijackthis.exe to start it.

Do a "Scan and Save log".

Reply with a copy of the HJT log. Do NOT do any fixes in HijackThis. Close it when you are done.

and just provide a general description of how your system is.

BTW, that is an outstanding report from Security Check. All up-to-date. Kudos.

Yea--at least I'm doing something right.


You said

I did a complete system restore and after doing that couldn't get online. I ran combofix in desperation.

First, a reminder that while we are helping you on this board, to have plenty of patience and to NOT do anything on your own.

Otherwise, your helper is clueless and it simply over-complicates things.

Second, using Combofix without guided help is a dangerous risk. While it's a great tool, using it at an inappropriate point could turn your system into a door-stopper.

Third, you used the Windows System restore at what point and time?

Even if you have done so, if there is malware present using SR will not quash malware that hides in areas NOT covered by System Restore.

Fourth, I'd like to see a HijackThis log for review -- if you still need my help. Kindly advise.


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:19:53 AM, on 1/11/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Synaptics\SynTP\SynToshiba.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Mary\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--

End of file - 3619 bytes

Here's the hijack file. I did a complete out of box restore before I posted to you all and did the combofix. That is when my husband said that it was probably a rootkit considering the issues that were going on before the restore and combofix (programs starting admin passing up, IE not working).

Thanks for working with me.


Given you did a factory restore, then the issue of infection is moot. I assume your system is behaving normally now ?

This is to clean up some tools, if any are still around.

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

I cannot now tell what the original infector was/is, but suspect as I think you do, that your son's USB flash had something to do with this.

What have you done with it? If it has nothing valuable on it, I'd recommend reformatting it.

Make sure you use this system today to visit Windows Updates to ensure your Windows is all current.

MS released some security fixes just yesterday afternoon.

For tips on security and malware prevention, I want to recommend a reference I just recently found.

It has the typical heads-up tips, but has the added benefit of having some excellent screen captures / screen snippets!

The resource main page is at http://www.malwarevault.com/index.html

See the tab "Prevention Tips" http://www.malwarevault.com/prevention.html

Any issues or questions before I mark this Resolved and close it ?


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.