Whitesmoke translator virus removal

[piabads]

Hi,

I copied this from a closed thread, but it applies to me as well. My log is below the quoted text; thank you in advance for advice!!

"I have a nasty little virus from somehow downloading whitesmoke translator, and I'm wondering how I can remove this virus. I saw in another thread about downloading ComboFix.exe, which I ran and then created a log in a text file. Below is the text from C:\ComboFix.txt. Can anyone provide me with some help to remove this virus? Thanks!"

ComboFix 11-01-18.04 - MBT 01/19/2011 12:31:41.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.1803 [GMT -5:00]

Running from: c:\documents and settings\MBT\My Documents\Downloads\ComboFix.exe

AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\LocalService\Application Data\whitesmoketoolbar

c:\documents and settings\LocalService\Application Data\whitesmoketoolbar\dtx.ini

c:\documents and settings\LocalService\Application Data\whitesmoketoolbar\exeArgs.xml

c:\documents and settings\LocalService\Application Data\whitesmoketoolbar\guid.dat

c:\documents and settings\LocalService\Application Data\whitesmoketoolbar\setupCfg.xml

c:\documents and settings\Mary Beth Taormina\Application Data\whitesmoketoolbar

c:\documents and settings\Mary Beth Taormina\Application Data\whitesmoketoolbar\dtx.ini

c:\documents and settings\Mary Beth Taormina\Application Data\whitesmoketoolbar\guid.dat

c:\documents and settings\Mary Beth Taormina\Application Data\whitesmoketoolbar\preferences.dat

c:\documents and settings\Mary Beth Taormina\Application Data\whitesmoketoolbar\stat.log

c:\documents and settings\Mary Beth Taormina\Application Data\whitesmoketoolbar\stats.dat

c:\documents and settings\Mary Beth Taormina\Application Data\whitesmoketoolbar\uninstallIE.dat

c:\documents and settings\Mary Beth Taormina\Application Data\whitesmoketoolbar\uninstallStatIE.dat

c:\documents and settings\Mary Beth Taormina\g2mdlhlpx.exe

c:\program files\Search Toolbar

c:\program files\Search Toolbar\icon.ico

c:\program files\Search Toolbar\SearchToolbarUninstall.exe

c:\program files\Search Toolbar\SearchToolbarUpdater.exe

c:\program files\WhiteSmoke Translator

c:\program files\WhiteSmoke Translator\buy.ico

c:\program files\WhiteSmoke Translator\ComVistaElevator.dll

c:\program files\WhiteSmoke Translator\Dictionary48x48.ico

c:\program files\WhiteSmoke Translator\html\english\common\iepngfix\blank.gif

c:\program files\WhiteSmoke Translator\html\english\common\iepngfix\checkerboard.gif

c:\program files\WhiteSmoke Translator\html\english\common\iepngfix\helix.gif

c:\program files\WhiteSmoke Translator\html\english\common\iepngfix\iepngfix.htc

c:\program files\WhiteSmoke Translator\html\english\common\iepngfix\iepngfix.html

c:\program files\WhiteSmoke Translator\html\english\common\iepngfix\opacity.png

c:\program files\WhiteSmoke Translator\html\english\common\js\common.js

c:\program files\WhiteSmoke Translator\html\english\common\js\pngfix.js

c:\program files\WhiteSmoke Translator\html\english\common\js\prototype.js

c:\program files\WhiteSmoke Translator\html\english\common\js\xmlhttp.js

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Background\ajax-loader.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Background\bottom_bg.png

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Background\bottom_left_corner.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Background\corner_bottom_left.png

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Background\corner_bottom_right.png

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Background\corner_top_left.png

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Background\corner_top_right.png

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Background\down_arrow.png

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Background\empty.jpg

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Background\input_bg.png

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Background\left_input.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Background\loading_dictionary.swf

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Background\resize.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Background\right_input.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Background\search_strip_bg3.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\dictionary_disabled.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\dictionary_over.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\dictionary_press.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\dictionary_up.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\down_arrow.png

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\go_disabled.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\go_over.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\go_press.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\go_up.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\idioms_disabled.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\idioms_over.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\idioms_press.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\idioms_up.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\thesaurus_disabled.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\thesaurus_over.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\thesaurus_press.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\thesaurus_up.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\translate_normal.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\translate_pressed.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\translate_rollover.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\translation_disabled.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\translation_over.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\translation_press.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\translation_up.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_bar_close_down.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_bar_close_over.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_bar_close_up.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_bar_max_down.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_bar_max_over.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_bar_max_up.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_bar_min_down.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_bar_min_over.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_bar_min_up.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_dictionary_off.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_dictionary_press.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_dictionary_roll_over.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_strip.png

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_strip_right_corner.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_strip_right_corner.png

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_translation_off.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_translation_press.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_translation_roll_over.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\logo.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\popup\screen_bg.png

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\popup\screen_bg_bottom.png

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\popup\screen_bg_top.png

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\popup\screen_captionbar_press.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\popup\screen_captionbar_up.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\img\spacer.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\index.html

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\js\common.js

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\js\Contextmenu.js

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\js\dictInterface.js

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\js\jquery.combobox.js

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\js\jquery.js

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\js\prototype.js

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\js\xmlhttp.js

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\style\combobox.css

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\style\Contextmenu.css

c:\program files\WhiteSmoke Translator\html\english\dictClientDic\style\dictionary.css

c:\program files\WhiteSmoke Translator\html\english\dictClientRegistration\img\body_bg.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientRegistration\img\captionbar\caption_bar_close_down.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientRegistration\img\captionbar\caption_bar_close_over.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientRegistration\img\captionbar\caption_bar_close_up.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientRegistration\img\captionbar\caption_strip.png

c:\program files\WhiteSmoke Translator\html\english\dictClientRegistration\img\captionbar\logo.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientRegistration\img\congra.png

c:\program files\WhiteSmoke Translator\html\english\dictClientRegistration\img\continue_button_click.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientRegistration\img\continue_button_over.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientRegistration\img\continue_button_up.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientRegistration\img\intro.jpg

c:\program files\WhiteSmoke Translator\html\english\dictClientRegistration\img\welcome.png

c:\program files\WhiteSmoke Translator\html\english\dictClientRegistration\index.html

c:\program files\WhiteSmoke Translator\html\english\dictClientRegistration\js\regInterface.js

c:\program files\WhiteSmoke Translator\html\english\dictClientRegistration\style\registration.css

c:\program files\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\Background\attic\use_ws_bgNEW.PNG

c:\program files\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\Background\translator-welcome-final.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\Background\translator-welcome-final.jpg

c:\program files\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\Background\translator-welcome-final.png

c:\program files\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\Background\use_ws_bgNEW.jpg

c:\program files\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\Background\use_ws_bgNEW.PNG

c:\program files\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\buy_button.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\caption_bar_close_down.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\caption_bar_close_over.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\caption_bar_close_up.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\captionbar\arrow_white.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\captionbar\caption_strip.png

c:\program files\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\captionbar\left_bot_chunk.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\captionbar\right_bot_chunk.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\captionbar\white_x_button.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\close_button.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\close_button_down.gif

c:\program files\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\expired_bg.png

c:\program files\WhiteSmoke Translator\html\english\dictClientWelcome\content\js\iframeInterface.js

c:\program files\WhiteSmoke Translator\html\english\dictClientWelcome\content\style\welcome.css

c:\program files\WhiteSmoke Translator\html\english\dictClientWelcome\content\welcome_all.html

c:\program files\WhiteSmoke Translator\html\english\dictClientWelcome\content\welcome_expired.html

c:\program files\WhiteSmoke Translator\html\english\dictClientWelcome\index.html

c:\program files\WhiteSmoke Translator\html\english\dictClientWelcome\js\welcomeInterface.js

c:\program files\WhiteSmoke Translator\html\english\dictClientWelcome\style\welcomescreen.css

c:\program files\WhiteSmoke Translator\license_agreement_translator.txt

c:\program files\WhiteSmoke Translator\Microsoft.VC80.CRT.manifest

c:\program files\WhiteSmoke Translator\msvcm80.dll

c:\program files\WhiteSmoke Translator\msvcp80.dll

c:\program files\WhiteSmoke Translator\msvcr80.dll

c:\program files\WhiteSmoke Translator\osmax.ocx

c:\program files\WhiteSmoke Translator\secman.dll

c:\program files\WhiteSmoke Translator\settings.ini

c:\program files\WhiteSmoke Translator\TCCons.dll

c:\program files\WhiteSmoke Translator\WCapture.dll

c:\program files\WhiteSmoke Translator\WCaptureX.dll

c:\program files\WhiteSmoke Translator\WCustom.dll

c:\program files\WhiteSmoke Translator\WhiteSmokeDictRegistration.exe

c:\program files\WhiteSmoke Translator\WHook.dll

c:\program files\WhiteSmoke Translator\WMonitorX.dll

c:\program files\WhiteSmoke Translator\WSDictHookDll.dll

c:\program files\WhiteSmoke Translator\WSLogger.exe

c:\program files\WhiteSmoke Translator\WSTrayDictMode.exe

c:\program files\whitesmoketoolbar

c:\program files\whitesmoketoolbar\chrome\content\lib\about.xml

c:\program files\whitesmoketoolbar\chrome\content\lib\dtxpanel.xul

c:\program files\whitesmoketoolbar\chrome\content\lib\dtxpanelwin.xul

c:\program files\whitesmoketoolbar\chrome\content\lib\dtxprefwin.xul

c:\program files\whitesmoketoolbar\chrome\content\lib\dtxwin.xul

c:\program files\whitesmoketoolbar\chrome\content\lib\emailnotifierproviders.xml

c:\program files\whitesmoketoolbar\chrome\content\lib\external.js

c:\program files\whitesmoketoolbar\chrome\content\lib\neterror.xhtml

c:\program files\whitesmoketoolbar\chrome\content\lib\rsspreview.html

c:\program files\whitesmoketoolbar\chrome\content\lib\rsswin.xml

c:\program files\whitesmoketoolbar\chrome\content\lib\rsswin.xsl

c:\program files\whitesmoketoolbar\chrome\content\lib\vmncode.js

c:\program files\whitesmoketoolbar\chrome\content\lib\wmpstreamer.html

c:\program files\whitesmoketoolbar\chrome\content\modules\datastore.jsm

c:\program files\whitesmoketoolbar\chrome\content\neterror.xhtml

c:\program files\whitesmoketoolbar\chrome\content\newtab\images\btn_search.gif

c:\program files\whitesmoketoolbar\chrome\content\newtab\images\bullet.gif

c:\program files\whitesmoketoolbar\chrome\content\newtab\images\field_bg.gif

c:\program files\whitesmoketoolbar\chrome\content\newtab\images\powered_by_yahoo.gif

c:\program files\whitesmoketoolbar\chrome\content\newtab\newtab.html

c:\program files\whitesmoketoolbar\chrome\content\preferences.xml

c:\program files\whitesmoketoolbar\chrome\content\toolbar.htm

c:\program files\whitesmoketoolbar\chrome\content\toolbar.xul

c:\program files\whitesmoketoolbar\chrome\content\vmncode.js

c:\program files\whitesmoketoolbar\chrome\content\vmnrsswin.xml

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\css\dialog.css

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\bg.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\btn-wide-close-over.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\btn-wide-close.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\default.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\transparent.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\win-btm-left.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\win-btm-mdl.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\win-btm-right-resize.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\win-btm-right.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\main.html

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\scripts\defscript.js

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\tb_icon.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\widget.jsw

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\widget.xml

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\widget_version.txt

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\css\twitter.css

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login-over.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-submit.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\loginbg.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\refresh-over.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\refresh.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-disable.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-down.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-over.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-disable.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-down.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-over.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-l.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-r.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-l.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-r.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\throbber.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\Thumbs.db

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\twitter-logo48.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\twitter_top.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\js\jquery.js

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\js\scripts.js

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\css\dialog.css

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\bg.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close-over.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\default.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\transparent.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-left.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-mdl.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right-resize.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\main.html

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts\defscript.js

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\tb_icon.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\Thumbs.db

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\widget.jsw

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\widget.xml

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\widget_version.txt

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\css\dialog.css

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\bg.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\btn-search.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\btn-wide-close-over.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\btn-wide-close.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\default.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\Thumbs.db

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\transparent.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-left.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-mdl.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-right-resize.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-right.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\main.html

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\scripts\defscript.js

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\tb_icon.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\widget.jsw

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\widget.xml

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\widget_version.txt

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\css\dialog.css

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\arrow-grey.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\arrows_grey-left.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\arrows_grey-right.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\btn-search-over.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\btn-search.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\powered-by-youtube.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollb-disable.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollb-down.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollb.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollt-disable.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollt-down.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollt.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-off-l.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-off-r.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-on-l.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-on-r.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-over-l.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-over-r.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-left.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-mdl.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-right.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-left.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-mdl.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-right.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\throbber.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\Thumbs.db

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\vid-bg.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\youtube.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\index.html

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery-1.3.2.min.js

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery.autocomplete.min.js

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\css\dialog.css

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\bg.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-search.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-wide-close-over.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-wide-close.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\default.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\Thumbs.db

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\transparent.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-left.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-mdl.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-right-resize.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-right.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\main.html

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\scripts\defscript.js

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\tb_icon.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\widget.jsw

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\widget.xml

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\widget_version.txt

c:\program files\whitesmoketoolbar\chrome\data\dynamicElements\vmntoolbar.xsl

c:\program files\whitesmoketoolbar\chrome\data\rss\rss.xml

c:\program files\whitesmoketoolbar\chrome\data\search\engines.xml

c:\program files\whitesmoketoolbar\chrome\data\search\search.xsl

c:\program files\whitesmoketoolbar\chrome\data\weather\icons.xml

c:\program files\whitesmoketoolbar\chrome\skin\634017460871087500_png

c:\program files\whitesmoketoolbar\chrome\skin\about.gif

c:\program files\whitesmoketoolbar\chrome\skin\babylon_logo.png

c:\program files\whitesmoketoolbar\chrome\skin\bing_16x16.png

c:\program files\whitesmoketoolbar\chrome\skin\bing_searchicon_20x22_spaced_hover_png

c:\program files\whitesmoketoolbar\chrome\skin\bing_searchicon_20x22_spaced_png

c:\program files\whitesmoketoolbar\chrome\skin\blank_png

c:\program files\whitesmoketoolbar\chrome\skin\bluelite.gif

c:\program files\whitesmoketoolbar\chrome\skin\bluesky.gif

c:\program files\whitesmoketoolbar\chrome\skin\btn-search-over.png

c:\program files\whitesmoketoolbar\chrome\skin\btn-search.png

c:\program files\whitesmoketoolbar\chrome\skin\btn-settings-over.png

c:\program files\whitesmoketoolbar\chrome\skin\btn-settings.png

c:\program files\whitesmoketoolbar\chrome\skin\btn-widgets-over.png

c:\program files\whitesmoketoolbar\chrome\skin\btn-widgets.png

c:\program files\whitesmoketoolbar\chrome\skin\btn_settings.png

c:\program files\whitesmoketoolbar\chrome\skin\ca.png

c:\program files\whitesmoketoolbar\chrome\skin\checkMyText_png

c:\program files\whitesmoketoolbar\chrome\skin\checkMyText_png_png

c:\program files\whitesmoketoolbar\chrome\skin\dictionary.png

c:\program files\whitesmoketoolbar\chrome\skin\Dictionary_png

c:\program files\whitesmoketoolbar\chrome\skin\Dictionary_png_png

c:\program files\whitesmoketoolbar\chrome\skin\divider.png

c:\program files\whitesmoketoolbar\chrome\skin\downloadcom.png

c:\program files\whitesmoketoolbar\chrome\skin\dtxlogo.png

c:\program files\whitesmoketoolbar\chrome\skin\DTXWizard\skin\icon_library\Basics\folder.png

c:\program files\whitesmoketoolbar\chrome\skin\email.png

c:\program files\whitesmoketoolbar\chrome\skin\email_on.png

c:\program files\whitesmoketoolbar\chrome\skin\eteacher_png

c:\program files\whitesmoketoolbar\chrome\skin\facebook.png

c:\program files\whitesmoketoolbar\chrome\skin\feed_icon_png

c:\program files\whitesmoketoolbar\chrome\skin\feed_icon2_png

c:\program files\whitesmoketoolbar\chrome\skin\france_png

c:\program files\whitesmoketoolbar\chrome\skin\games.png

c:\program files\whitesmoketoolbar\chrome\skin\games_png

c:\program files\whitesmoketoolbar\chrome\skin\gamesIcon_png

c:\program files\whitesmoketoolbar\chrome\skin\graphred0.png

c:\program files\whitesmoketoolbar\chrome\skin\graphred0_5.png

c:\program files\whitesmoketoolbar\chrome\skin\graphred1.png

c:\program files\whitesmoketoolbar\chrome\skin\graphred1_5.png

c:\program files\whitesmoketoolbar\chrome\skin\graphred2.png

c:\program files\whitesmoketoolbar\chrome\skin\graphred2_5.png

c:\program files\whitesmoketoolbar\chrome\skin\graphred3.png

c:\program files\whitesmoketoolbar\chrome\skin\graphred3_5.png

c:\program files\whitesmoketoolbar\chrome\skin\graphred4.png

c:\program files\whitesmoketoolbar\chrome\skin\graphred4_5.png

c:\program files\whitesmoketoolbar\chrome\skin\graphred5.png

c:\program files\whitesmoketoolbar\chrome\skin\graphredna.png

c:\program files\whitesmoketoolbar\chrome\skin\grey.gif

c:\program files\whitesmoketoolbar\chrome\skin\ico-shield.png

c:\program files\whitesmoketoolbar\chrome\skin\images.png

c:\program files\whitesmoketoolbar\chrome\skin\italy_png

c:\program files\whitesmoketoolbar\chrome\skin\lib\add.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\aol.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-dn.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-right-disabled.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-right.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-up.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-divider.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-end.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-mdl.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-mdl_ff.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-start.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-divider.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-end.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-mdl.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-mdl_ff.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-start.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\blank.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\btn-widgets-over.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\btn-widgets.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\btn_slider.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\btnback-down-vista.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\btnback-vista.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\btnleft-down-vista.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\btnleft-vista.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\btnright-down-vista.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\btnright-vista.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\button-splitter-down-vista.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\button-splitter-vista.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\checkmark.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\chevron.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\collapse.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\comcast.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\dtx.css

c:\program files\whitesmoketoolbar\chrome\skin\lib\edit-back-hot.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\edit-back.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\expand.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\found.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\gmail.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_blue.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_cyan.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_lime.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_magenta.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_yellow.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\hotmail.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\ico-check.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\imap.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\lastsearch-thumb-back.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\loadingMid.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\lock.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\logo-separator.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\mailcom.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\menu_bg-basic.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\menu_separator_bar.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\menu_separator_white.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitem-splitter.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemback-down-vista.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemback-vista.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemleft-down-vista.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemleft-vista.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemright-down-vista.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemright-vista.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\modify.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\move.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\movetarget.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\panels.css

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\popupAbout.css

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\popupGames.css

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\popupRSS.css

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\popupWidgets.css

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\css\dialog.css

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\bg.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\btn-search.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\btn-wide-close.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\default.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-off-l.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-off-r.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-on-l.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-on-r.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\transparent.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\ttlbar-left.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\ttlbar-right.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-left.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-mdl.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-right.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-left.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-right.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\main.html

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\scripts\defscript.js

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\footer.htm

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gamecategory.xsl

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gameData.js

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gameList.xsl

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\games.xsl

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gametype.xsl

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-dn.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-sml-drop.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-sml.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-up.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrowr-bluew5.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-aboutbox.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-btnover.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-pnl520x390.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-back.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-close-grey.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-close-greyover.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-drag.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-moredetails.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-next-over.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-next.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-previous-over.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-previous.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bullet-orange.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\gamethumb-on.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\gamethumb2-over.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-calendar.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-download.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-joystick24.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-news24.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-play.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-tags.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-Add.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-download.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-Info.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-play.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-shop.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\menul-bgon.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\menul-bgover.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\panel-botm-noscroll.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scroll-bg-206.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scroll-bg.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scroll-topwin.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb-disable.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb-down.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb-over.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt-disable.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt-down.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt-over.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\star_x_grey.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\star_x_orange.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\TRUSTe_about.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\view-detailed-on.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\view-detailed-over.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\view-thumb-on.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\view-thumb-over.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\widgets-square-16px.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\widgets-square-24px.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\widgets.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\initHTML.html

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupGames.html

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupHTML.html

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupRSS.html

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupWidgets.html

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\scroll.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\pop.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\css\manager.css

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\css\slider.css

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\bg-pnl.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\btn-close-grey.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\btn-close-greyover.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\collapsed_button.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\expanded_button.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-playstation-down.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-playstation-over.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-playstation.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-radio.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\music-note.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-pause-on.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-pause.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-play-on.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-play.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-bg.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-buffer.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-busy.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-off.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-on.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-warning.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options-design-on.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options-design.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options-on.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-0.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-1.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-2.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-3.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-mute.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\scrollbar-handle.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\scrollbar-track.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\slider.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\slideron.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\track.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\managerpanel.html

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\volumeslider.html

c:\program files\whitesmoketoolbar\chrome\skin\lib\reload.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\remove.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\rename.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\resize-box.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\rss.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\rsschannelback.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\RSSLogo.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\rsstabdivider.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\scroll-left.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\scroll-right.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\search-go.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\search.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\text-ellipsis.xml

c:\program files\whitesmoketoolbar\chrome\skin\lib\throbber.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\toolbarsplitter.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\transparent_1px.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_02.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_03.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_04.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_06.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_07.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_08.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_09.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_10.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_11.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_12.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_13.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_14.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_15.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_16.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_18.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_19.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_20.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_21.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\btn-close-grey.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\btn-close-greyover.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\close-hot.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\close-normal.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\loadingMid.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\proxy.html

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\template.html

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\template.xml

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\templateFF.html

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\throbber.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\cond999.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\icons.xml

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na-s.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na-t.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\weather.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\add.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\box-check.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.css

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.html

c:\program files\whitesmoketoolbar\chrome\skin\lib\yahoo.png

c:\program files\whitesmoketoolbar\chrome\skin\lichen.gif

c:\program files\whitesmoketoolbar\chrome\skin\logo-about.png

c:\program files\whitesmoketoolbar\chrome\skin\logo-over.png

c:\program files\whitesmoketoolbar\chrome\skin\logo-separator.png

c:\program files\whitesmoketoolbar\chrome\skin\logo.png

c:\program files\whitesmoketoolbar\chrome\skin\mail.png

c:\program files\whitesmoketoolbar\chrome\skin\menuseparatorback.gif

c:\program files\whitesmoketoolbar\chrome\skin\modify-save.png

c:\program files\whitesmoketoolbar\chrome\skin\modify.png

c:\program files\whitesmoketoolbar\chrome\skin\modifyhot.png

c:\program files\whitesmoketoolbar\chrome\skin\music.png

c:\program files\whitesmoketoolbar\chrome\skin\namespacetoolbar.css

c:\program files\whitesmoketoolbar\chrome\skin\networkIcons_png

c:\program files\whitesmoketoolbar\chrome\skin\news.png

c:\program files\whitesmoketoolbar\chrome\skin\options\options-main.png

c:\program files\whitesmoketoolbar\chrome\skin\options\options-search.png

c:\program files\whitesmoketoolbar\chrome\skin\options\options-weather.png

c:\program files\whitesmoketoolbar\chrome\skin\options\options-widgets.png

c:\program files\whitesmoketoolbar\chrome\skin\orange.gif

c:\program files\whitesmoketoolbar\chrome\skin\pixsy.png

c:\program files\whitesmoketoolbar\chrome\skin\protect-id.png

c:\program files\whitesmoketoolbar\chrome\skin\relatedlinks.png

c:\program files\whitesmoketoolbar\chrome\skin\rss-collapse.png

c:\program files\whitesmoketoolbar\chrome\skin\rss-delete.png

c:\program files\whitesmoketoolbar\chrome\skin\rss-expand.png

c:\program files\whitesmoketoolbar\chrome\skin\rss-feed.png

c:\program files\whitesmoketoolbar\chrome\skin\rss-folder-remove.png

c:\program files\whitesmoketoolbar\chrome\skin\rss-folder-rename.png

c:\program files\whitesmoketoolbar\chrome\skin\rss-folder.png

c:\program files\whitesmoketoolbar\chrome\skin\rss-found.png

c:\program files\whitesmoketoolbar\chrome\skin\rss-reload.png

c:\program files\whitesmoketoolbar\chrome\skin\rss-subscribe.png

c:\program files\whitesmoketoolbar\chrome\skin\rss.png

c:\program files\whitesmoketoolbar\chrome\skin\rss_feed_icon_png

c:\program files\whitesmoketoolbar\chrome\skin\rssback.gif

c:\program files\whitesmoketoolbar\chrome\skin\rsstopback.gif

c:\program files\whitesmoketoolbar\chrome\skin\search-over.png

c:\program files\whitesmoketoolbar\chrome\skin\search.png

c:\program files\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-left.png

c:\program files\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-middle.png

c:\program files\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-right.png

c:\program files\whitesmoketoolbar\chrome\skin\settings.png

c:\program files\whitesmoketoolbar\chrome\skin\shopping.png

c:\program files\whitesmoketoolbar\chrome\skin\siteinfo.png

c:\program files\whitesmoketoolbar\chrome\skin\skin-bluelite.png

c:\program files\whitesmoketoolbar\chrome\skin\skin-bluesky.png

c:\program files\whitesmoketoolbar\chrome\skin\skin-grey.png

c:\program files\whitesmoketoolbar\chrome\skin\skin-lichen.png

c:\program files\whitesmoketoolbar\chrome\skin\skin-orange.png

c:\program files\whitesmoketoolbar\chrome\skin\skin-yellow.png

c:\program files\whitesmoketoolbar\chrome\skin\skin.xml

c:\program files\whitesmoketoolbar\chrome\skin\spain_png

c:\program files\whitesmoketoolbar\chrome\skin\technorati.png

c:\program files\whitesmoketoolbar\chrome\skin\throbber.gif

c:\program files\whitesmoketoolbar\chrome\skin\toolbarsplitter.png

c:\program files\whitesmoketoolbar\chrome\skin\translate.png

c:\program files\whitesmoketoolbar\chrome\skin\Translate_png

c:\program files\whitesmoketoolbar\chrome\skin\Translate_png_png

c:\program files\whitesmoketoolbar\chrome\skin\TRUSTe_about.png

c:\program files\whitesmoketoolbar\chrome\skin\TV_icon3_png

c:\program files\whitesmoketoolbar\chrome\skin\tvicon_png

c:\program files\whitesmoketoolbar\chrome\skin\tvIcons_png

c:\program files\whitesmoketoolbar\chrome\skin\usa_png

c:\program files\whitesmoketoolbar\chrome\skin\vmn.css

c:\program files\whitesmoketoolbar\chrome\skin\vmn.png

c:\program files\whitesmoketoolbar\chrome\skin\web.png

c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png

c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png_png

c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png2_png

c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png3_png

c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png4_png

c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png5_png

c:\program files\whitesmoketoolbar\chrome\skin\wikipedia.png

c:\program files\whitesmoketoolbar\chrome\skin\yahoosearch.png

c:\program files\whitesmoketoolbar\chrome\skin\yellow.gif

c:\program files\whitesmoketoolbar\chrome\skin\youtube.png

c:\program files\whitesmoketoolbar\chrome\skin\zoom.png

c:\program files\whitesmoketoolbar\components\windowmediator.js

c:\program files\whitesmoketoolbar\manifest.xml

c:\program files\whitesmoketoolbar\toolbar.xml

c:\program files\whitesmoketoolbar\uninstall.exe

c:\program files\whitesmoketoolbar\whitesmoketoolbar.dll

c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll

C:\usxxxxxxxx.exe

c:\usxxxxxxxx.exe\config.bin

c:\windows\system32\6to4v32.dll

c:\windows\system32\drivers\jgkkwhep.sys

c:\windows\TEMP\35.tmp

c:\windows\TEMP\36.tmp

F:\Autorun.inf

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_6TO4

-------\Service_6to4

-------\Service_gfvv

((((((((((((((((((((((((( Files Created from 2010-12-19 to 2011-01-19 )))))))))))))))))))))))))))))))

.

2011-01-19 16:44 . 2011-01-19 16:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-01-13 16:00 . 2011-01-13 16:00 -------- d-----w- c:\program files\Yontoo Layers Client

2011-01-13 16:00 . 2011-01-13 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer

2011-01-13 16:00 . 2011-01-13 16:00 -------- d-----w- c:\windows\system32\%APPDATA%

2011-01-13 11:58 . 2011-01-13 11:58 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-12-22 19:20 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-22 19:19 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-19 18:23 . 2009-04-24 15:08 0 ----a-w- c:\documents and settings\Mary Beth Taormina\Local Settings\Application Data\WavXMapDrive.bat

2010-11-18 18:12 . 2008-04-25 21:27 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-09 14:52 . 2008-04-25 16:16 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-08 15:30 . 2010-11-08 15:30 568664 ----a-w- c:\program files\GoogleEarthPluginSetup.exe

2010-11-06 00:26 . 2008-04-25 16:16 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2008-04-25 16:16 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-10-28 13:13 . 2008-04-25 16:16 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:27 . 2008-04-25 16:16 1862272 ----a-w- c:\windows\system32\win32k.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

2010-12-20 18:09 191488 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]

@="{022F2F51-CDDA-4873-8A29-72C66C808A3F}"

[HKEY_CLASSES_ROOT\CLSID\{022F2F51-CDDA-4873-8A29-72C66C808A3F}]

2009-11-07 05:07 297808 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]

@="{661963C1-99A1-44e7-A671-1CF3768AE9D4}"

[HKEY_CLASSES_ROOT\CLSID\{661963C1-99A1-44e7-A671-1CF3768AE9D4}]

2009-11-07 05:07 297808 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-08-27 1044480]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-11 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-11 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-11 141336]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-08-06 182808]

"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-08-21 184320]

"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-08-22 145408]

"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2008-08-28 656696]

"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2008-08-28 91448]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]

"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2005-11-21 45056]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2009-11-12 295606]

Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-7-1 245760]

Launch Whitesmoke Translator.lnk - c:\qoobox\Quarantine\C\Program Files\Whitesmoke Translator\WSTrayDictMode.exe.vir [2011-1-13 671744]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"CompatibleRUPSecurity"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]

@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2008-12-03 02:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.base_6.2.1.20090925-1604\\win32\\x86\\notes2.exe"=

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [3/16/2009 9:35 PM 24064]

R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\dddsk.sys [8/2/2010 12:56 PM 22312]

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [4/24/2009 10:14 AM 111232]

R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [4/24/2009 10:14 AM 38912]

R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\notes\nsd.exe -svcinvoke -ini "c:\notes\notes.ini" --> c:\notes\nsd.exe -svcinvoke -ini c:\notes\notes.ini [?]

R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [11/4/2009 7:12 AM 80936]

R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [4/24/2009 10:14 AM 98304]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [5/5/2010 8:59 PM 583360]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [3/16/2009 9:35 PM 144480]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/8/2010 10:30 AM 136176]

S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [4/24/2009 10:14 AM 14976]

.

Contents of the 'Scheduled Tasks' folder

2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-08 15:30]

2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-08 15:30]

2010-09-07 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-05-26 19:16]

2010-09-07 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job

- c:\program files\Microsoft IntelliType Pro\itype.exe [2009-05-21 18:25]

2011-01-19 c:\windows\Tasks\Scan for Potentially Unwanted Applications 12pm and 6pm.job

- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-04-24 15:14]

2011-01-19 c:\windows\Tasks\SDMsgUpdate (SD).job

- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-08-11 11:29]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:8075

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MIF269~1\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Mary Beth Taormina\Application Data\Mozilla\Firefox\Profiles\pnp1ru6h.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.vcu.edu

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com

FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-usxxxxxxxx.exe - c:\usxxxxxxxx.exe\usxxxxxxxx.exe

AddRemove-Corel Remove Program - e:\corel\AppMan\Setup\remove.exe

AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-19 13:23

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sophos Message Router]

"ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)

c:\windows\system32\WININET.dll

c:\windows\system32\NETWIN32.DLL

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(780)

c:\windows\system32\WININET.dll

- - - - - - - > 'Explorer.exe'(5836)

c:\windows\system32\WININET.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\notes\nsd.exe

c:\notes\ntmulti.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Sophos\Remote Management System\ManagementAgentNT.exe

c:\program files\Sophos\AutoUpdate\ALsvc.exe

c:\program files\Sophos\Remote Management System\RouterNT.exe

c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\SearchIndexer.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\NWTRAY.EXE

c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2011-01-19 13:28:46 - machine was rebooted

ComboFix-quarantined-files.txt 2011-01-19 18:28

Pre-Run: 259,591,467,008 bytes free

Post-Run: 260,945,887,232 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 0F3FCCAECC56130F5572DF963E37C521

[LDTate]

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

[piabads]

ComboFix 11-01-20.03 - MBT 01/21/2011 6:51.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2044 [GMT -5:00]

Running from: c:\documents and settings\MBT\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\MBT\Desktop\CFScript.txt

AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2010-12-21 to 2011-01-21 )))))))))))))))))))))))))))))))

.

2011-01-19 16:44 . 2011-01-19 16:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-01-13 16:00 . 2011-01-13 16:00 -------- d-----w- c:\program files\Yontoo Layers Client

2011-01-13 16:00 . 2011-01-13 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer

2011-01-13 16:00 . 2011-01-13 16:00 -------- d-----w- c:\windows\system32\%APPDATA%

2011-01-13 11:58 . 2011-01-13 11:58 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-12-22 19:20 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-22 19:19 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-21 12:01 . 2009-04-24 15:08 0 ----a-w- c:\documents and settings\MBT\Local Settings\Application Data\WavXMapDrive.bat

2010-11-18 18:12 . 2008-04-25 21:27 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-09 14:52 . 2008-04-25 16:16 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-08 15:30 . 2010-11-08 15:30 568664 ----a-w- c:\program files\GoogleEarthPluginSetup.exe

2010-11-06 00:26 . 2008-04-25 16:16 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2008-04-25 16:16 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-10-28 13:13 . 2008-04-25 16:16 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:27 . 2008-04-25 16:16 1862272 ----a-w- c:\windows\system32\win32k.sys

.

((((((((((((((((((((((((((((( SnapShot@2011-01-19_18.24.23 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-01-21 12:00 . 2007-06-20 13:02 73728 c:\windows\Temp\sophos_autoupdate1.dir\xmltok.dll

- 2011-01-19 17:53 . 2007-06-20 13:02 73728 c:\windows\Temp\sophos_autoupdate1.dir\xmltok.dll

+ 2011-01-21 12:00 . 2007-06-20 13:02 57344 c:\windows\Temp\sophos_autoupdate1.dir\xmlparse.dll

- 2011-01-19 17:53 . 2007-06-20 13:02 57344 c:\windows\Temp\sophos_autoupdate1.dir\xmlparse.dll

- 2011-01-19 17:53 . 2007-06-20 13:02 14336 c:\windows\Temp\sophos_autoupdate1.dir\xmlcpp.dll

+ 2011-01-21 12:00 . 2007-06-20 13:02 14336 c:\windows\Temp\sophos_autoupdate1.dir\xmlcpp.dll

- 2011-01-19 17:53 . 2008-04-14 10:32 18432 c:\windows\Temp\sophos_autoupdate1.dir\SharedRes.dll

+ 2011-01-21 12:00 . 2008-04-14 10:32 18432 c:\windows\Temp\sophos_autoupdate1.dir\SharedRes.dll

+ 2011-01-21 12:00 . 2007-06-20 13:02 20480 c:\windows\Temp\sophos_autoupdate1.dir\crypto.dll

- 2011-01-19 17:53 . 2007-06-20 13:02 20480 c:\windows\Temp\sophos_autoupdate1.dir\crypto.dll

+ 2011-01-21 12:00 . 2007-06-20 13:02 45056 c:\windows\Temp\sophos_autoupdate1.dir\boost_date_time-vc71-mt-1_32.dll

- 2011-01-19 17:53 . 2007-06-20 13:02 45056 c:\windows\Temp\sophos_autoupdate1.dir\boost_date_time-vc71-mt-1_32.dll

+ 2011-01-21 12:00 . 2011-01-21 12:00 16384 c:\windows\Temp\Perflib_Perfdata_1bc.dat

+ 2011-01-21 12:00 . 2011-01-21 12:00 16384 c:\windows\Temp\Perflib_Perfdata_104.dat

- 2008-04-25 16:16 . 2011-01-19 18:25 80058 c:\windows\system32\perfc009.dat

+ 2008-04-25 16:16 . 2011-01-21 11:34 80058 c:\windows\system32\perfc009.dat

+ 2008-04-25 16:16 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe

- 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe

+ 2010-06-08 12:29 . 2011-01-20 20:11 23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2010-06-08 12:29 . 2011-01-05 14:13 23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2010-06-08 12:29 . 2011-01-05 14:13 61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2010-06-08 12:29 . 2011-01-20 20:11 61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2010-06-08 12:29 . 2011-01-20 20:11 27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2010-06-08 12:29 . 2011-01-05 14:13 27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2010-06-08 12:29 . 2011-01-05 14:13 11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2010-06-08 12:29 . 2011-01-20 20:11 11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2010-06-08 12:29 . 2011-01-05 14:13 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2010-06-08 12:29 . 2011-01-20 20:11 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2011-01-19 17:53 . 2010-06-03 10:43 2970 c:\windows\Temp\sophos_autoupdate1.dir\scf.dat

+ 2011-01-21 12:00 . 2010-06-03 10:43 2970 c:\windows\Temp\sophos_autoupdate1.dir\scf.dat

+ 2010-06-08 12:29 . 2011-01-20 20:11 4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2010-06-08 12:29 . 2011-01-05 14:13 4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2011-01-19 17:53 . 2009-01-28 12:36 208896 c:\windows\Temp\sophos_autoupdate1.dir\retailer.dll

+ 2011-01-21 12:00 . 2009-01-28 12:36 208896 c:\windows\Temp\sophos_autoupdate1.dir\retailer.dll

+ 2011-01-21 12:00 . 2006-07-28 17:22 348160 c:\windows\Temp\sophos_autoupdate1.dir\MSVCR71.DLL

- 2011-01-19 17:53 . 2006-07-28 17:22 348160 c:\windows\Temp\sophos_autoupdate1.dir\MSVCR71.DLL

+ 2011-01-21 12:00 . 2006-07-28 17:22 499712 c:\windows\Temp\sophos_autoupdate1.dir\MSVCP71.DLL

- 2011-01-19 17:53 . 2006-07-28 17:22 499712 c:\windows\Temp\sophos_autoupdate1.dir\MSVCP71.DLL

- 2011-01-19 17:53 . 2007-06-20 13:02 745472 c:\windows\Temp\sophos_autoupdate1.dir\libeay32.dll

+ 2011-01-21 12:00 . 2007-06-20 13:02 745472 c:\windows\Temp\sophos_autoupdate1.dir\libeay32.dll

+ 2011-01-21 12:00 . 2009-01-28 12:36 159744 c:\windows\Temp\sophos_autoupdate1.dir\libcurl.dll

- 2011-01-19 17:53 . 2009-01-28 12:36 159744 c:\windows\Temp\sophos_autoupdate1.dir\libcurl.dll

+ 2011-01-21 12:00 . 2009-07-24 12:39 176128 c:\windows\Temp\sophos_autoupdate1.dir\CidSync.dll

- 2011-01-19 17:53 . 2009-07-24 12:39 176128 c:\windows\Temp\sophos_autoupdate1.dir\CidSync.dll

+ 2011-01-21 12:00 . 2009-07-01 16:21 172032 c:\windows\Temp\sophos_autoupdate1.dir\ChannelUpdater.dll

- 2011-01-19 17:53 . 2009-07-01 16:21 172032 c:\windows\Temp\sophos_autoupdate1.dir\ChannelUpdater.dll

+ 2011-01-21 12:00 . 2010-06-03 10:43 663552 c:\windows\Temp\sophos_autoupdate1.dir\ALUpdate.exe

- 2011-01-19 17:53 . 2010-06-03 10:43 663552 c:\windows\Temp\sophos_autoupdate1.dir\ALUpdate.exe

- 2008-04-25 16:16 . 2011-01-19 18:25 466842 c:\windows\system32\perfh009.dat

+ 2008-04-25 16:16 . 2011-01-21 11:34 466842 c:\windows\system32\perfh009.dat

+ 2011-01-20 20:12 . 2010-09-21 15:01 195618 c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat

+ 2010-06-08 12:29 . 2011-01-20 20:11 409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2010-06-08 12:29 . 2011-01-05 14:13 409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2010-06-08 12:29 . 2011-01-05 14:13 286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2010-06-08 12:29 . 2011-01-20 20:11 286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2010-06-08 12:29 . 2011-01-20 20:11 249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2010-06-08 12:29 . 2011-01-05 14:13 249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2010-06-08 12:29 . 2011-01-05 14:13 794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2010-06-08 12:29 . 2011-01-20 20:11 794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2010-06-08 12:29 . 2011-01-05 14:13 135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2010-06-08 12:29 . 2011-01-20 20:11 135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2010-06-08 12:29 . 2011-01-05 14:13 593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2010-06-08 12:29 . 2011-01-20 20:11 593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

2010-12-20 18:09 191488 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]

@="{022F2F51-CDDA-4873-8A29-72C66C808A3F}"

[HKEY_CLASSES_ROOT\CLSID\{022F2F51-CDDA-4873-8A29-72C66C808A3F}]

2009-11-07 05:07 297808 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]

@="{661963C1-99A1-44e7-A671-1CF3768AE9D4}"

[HKEY_CLASSES_ROOT\CLSID\{661963C1-99A1-44e7-A671-1CF3768AE9D4}]

2009-11-07 05:07 297808 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-08-27 1044480]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-11 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-11 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-11 141336]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-08-06 182808]

"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-08-21 184320]

"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-08-22 145408]

"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2008-08-28 656696]

"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2008-08-28 91448]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]

"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2005-11-21 45056]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2009-11-12 295606]

Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-7-1 245760]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"CompatibleRUPSecurity"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]

@="service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Launch Whitesmoke Translator.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Launch Whitesmoke Translator.lnk

backup=c:\windows\pss\Launch Whitesmoke Translator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2008-12-03 02:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.base_6.2.1.20090925-1604\\win32\\x86\\notes2.exe"=

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [3/16/2009 9:35 PM 24064]

R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\dddsk.sys [8/2/2010 12:56 PM 22312]

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [4/24/2009 10:14 AM 111232]

R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [4/24/2009 10:14 AM 38912]

R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\notes\nsd.exe -svcinvoke -ini "c:\notes\notes.ini" --> c:\notes\nsd.exe -svcinvoke -ini c:\notes\notes.ini [?]

R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [11/4/2009 7:12 AM 80936]

R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [4/24/2009 10:14 AM 98304]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [5/5/2010 8:59 PM 583360]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [3/16/2009 9:35 PM 144480]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/8/2010 10:30 AM 136176]

S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [4/24/2009 10:14 AM 14976]

.

Contents of the 'Scheduled Tasks' folder

2011-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-08 15:30]

2011-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-08 15:30]

2010-09-07 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-05-26 19:16]

2010-09-07 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job

- c:\program files\Microsoft IntelliType Pro\itype.exe [2009-05-21 18:25]

2011-01-19 c:\windows\Tasks\Scan for Potentially Unwanted Applications 12pm and 6pm.job

- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-04-24 15:14]

2011-01-21 c:\windows\Tasks\SDMsgUpdate (SD).job

- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-08-11 11:29]

.

.

------- Supplementary Scan -------

.

uInternet Connection Wizard,ShellNext = iexplore

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MIF269~1\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\MBT\Application Data\Mozilla\Firefox\Profiles\pnp1ru6h.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.vcu.edu

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com

FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-21 07:01

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: Hitachi_HDP725032GLA360 rev.GM3OA5BA -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-8

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8B315735]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8b31b990]; MOV EAX, [0x8b31ba0c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8B35FAB8]

3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8B397A60]

\Driver\atapi[0x8B3A8E18] -> IRP_MJ_CREATE -> 0x8B315735

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }

detected disk devices:

\Device\Ide\IdeDeviceP2T0L0-8 -> \??\IDE#DiskHitachi_HDP725032GLA360_________________GM3OA5BA#5&1956efaf&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi DriverStartIo -> 0x8B31557B

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Sophos Message Router]

"ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)

c:\windows\system32\WININET.dll

c:\windows\system32\NETWIN32.DLL

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(780)

c:\windows\system32\WININET.dll

- - - - - - - > 'Explorer.exe'(4584)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmUserInterface.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\NETWIN32.DLL

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\notes\nsd.exe

c:\notes\ntmulti.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Sophos\Remote Management System\ManagementAgentNT.exe

c:\program files\Sophos\AutoUpdate\ALsvc.exe

c:\program files\Sophos\Remote Management System\RouterNT.exe

c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\SearchIndexer.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\NWTRAY.EXE

c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2011-01-21 07:06:54 - machine was rebooted

ComboFix-quarantined-files.txt 2011-01-21 12:06

ComboFix2.txt 2011-01-19 18:28

Pre-Run: 261,289,205,760 bytes free

Post-Run: 261,493,440,512 bytes free

- - End Of File - - FF283BA70E477DE648446DABB89329B0

Current PC behavior?

1. "Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience (yada, yada, yada)" pops up approximately 2 minutes after successful desktop loading. This has occurred since the original infection.

2. Before this last run, had random sites popping up as new windows in Firefox 3.6.3. This has not happened yet, but it's not to say that it won't.

Thank you! I await further advice...

[LDTate]

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

• Ensure all Firefox windows are closed.
  
• To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  
• When prompted to run the scan, click Yes.
  
• It doesn't take long to run, once it is finished move onto the next step
  

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
  
• Extract its contents to your desktop.
  
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  

please post the contents of that log TDSSKiller log.

Also please describe how your computer behaves at the moment.

[piabads]

2011/01/21 08:08:04.0859 TDSS rootkit removing tool 2.4.14.0 Jan 18 2011 09:33:51

2011/01/21 08:08:04.0859 ================================================================================

2011/01/21 08:08:04.0859 SystemInfo:

2011/01/21 08:08:04.0859

2011/01/21 08:08:04.0859 OS Version: 5.1.2600 ServicePack: 3.0

2011/01/21 08:08:04.0859 Product type: Workstation

2011/01/21 08:08:04.0859 ComputerName: MBT

2011/01/21 08:08:04.0859 UserName: Mary Beth Taormina

2011/01/21 08:08:04.0859 Windows directory: C:\WINDOWS

2011/01/21 08:08:04.0859 System windows directory: C:\WINDOWS

2011/01/21 08:08:04.0859 Processor architecture: Intel x86

2011/01/21 08:08:04.0859 Number of processors: 2

2011/01/21 08:08:04.0859 Page size: 0x1000

2011/01/21 08:08:04.0859 Boot type: Normal boot

2011/01/21 08:08:04.0859 ================================================================================

2011/01/21 08:08:05.0000 Initialize success

2011/01/21 08:08:12.0109 ================================================================================

2011/01/21 08:08:12.0109 Scan started

2011/01/21 08:08:12.0109 Mode: Manual;

2011/01/21 08:08:12.0109 ================================================================================

2011/01/21 08:08:13.0390 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/01/21 08:08:13.0421 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/01/21 08:08:13.0437 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/01/21 08:08:13.0484 ADIHdAudAddService (d80d1d73d1dbf38d0afe692c8bdc939a) C:\WINDOWS\system32\drivers\ADIHdAud.sys

2011/01/21 08:08:13.0515 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/01/21 08:08:13.0546 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/01/21 08:08:13.0578 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2011/01/21 08:08:13.0593 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/01/21 08:08:13.0593 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/01/21 08:08:13.0609 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/01/21 08:08:13.0609 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/01/21 08:08:13.0625 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/01/21 08:08:13.0625 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/01/21 08:08:13.0656 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/01/21 08:08:13.0718 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/01/21 08:08:13.0750 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/01/21 08:08:13.0765 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/01/21 08:08:13.0765 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/01/21 08:08:13.0796 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/01/21 08:08:13.0828 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/01/21 08:08:13.0859 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/01/21 08:08:13.0968 ati2mtag (8763ede3e0cd40f5c3450571ac57f205) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2011/01/21 08:08:14.0093 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/01/21 08:08:14.0109 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/01/21 08:08:14.0125 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/01/21 08:08:14.0140 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/01/21 08:08:14.0140 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/01/21 08:08:14.0171 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/01/21 08:08:14.0187 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/01/21 08:08:14.0203 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/01/21 08:08:14.0218 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/01/21 08:08:14.0234 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/01/21 08:08:14.0234 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/01/21 08:08:14.0265 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/01/21 08:08:14.0265 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/01/21 08:08:14.0281 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/01/21 08:08:14.0312 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS

2011/01/21 08:08:14.0312 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS

2011/01/21 08:08:14.0328 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

2011/01/21 08:08:14.0328 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS

2011/01/21 08:08:14.0343 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS

2011/01/21 08:08:14.0343 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS

2011/01/21 08:08:14.0343 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS

2011/01/21 08:08:14.0359 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS

2011/01/21 08:08:14.0390 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS

2011/01/21 08:08:14.0390 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS

2011/01/21 08:08:14.0421 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/01/21 08:08:14.0437 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/01/21 08:08:14.0437 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/01/21 08:08:14.0484 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/01/21 08:08:14.0562 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/01/21 08:08:14.0562 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/01/21 08:08:14.0593 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

2011/01/21 08:08:14.0593 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

2011/01/21 08:08:14.0625 e1kexpress (d60759140694150360bbefd9cab7c920) C:\WINDOWS\system32\DRIVERS\e1k5132.sys

2011/01/21 08:08:14.0671 ElRawDisk (b8eac99b14772bdc36ca963aed109fa2) C:\WINDOWS\system32\drivers\dddsk.sys

2011/01/21 08:08:14.0703 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/01/21 08:08:14.0718 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2011/01/21 08:08:14.0734 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/01/21 08:08:14.0734 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/01/21 08:08:14.0750 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/01/21 08:08:14.0765 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/01/21 08:08:14.0781 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/01/21 08:08:14.0812 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/01/21 08:08:14.0890 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/01/21 08:08:14.0890 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/01/21 08:08:14.0921 HECI (e4a123ad734a3731d29ebd3a01b3e535) C:\WINDOWS\system32\DRIVERS\HECI.sys

2011/01/21 08:08:14.0953 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/01/21 08:08:14.0984 HPFXBULK (e4e0b356a8756066cf89080d9da69f22) C:\WINDOWS\system32\drivers\hpfxbulk.sys

2011/01/21 08:08:15.0015 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/01/21 08:08:15.0046 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/01/21 08:08:15.0062 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/01/21 08:08:15.0093 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/01/21 08:08:15.0234 ialm (9acb03875cfe068d5cc0e98fb2cf7017) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

2011/01/21 08:08:15.0375 iaStor (707c1692214b1c290271067197f075f6) C:\WINDOWS\system32\drivers\iaStor.sys

2011/01/21 08:08:15.0421 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/01/21 08:08:15.0453 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/01/21 08:08:15.0468 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/01/21 08:08:15.0484 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/01/21 08:08:15.0500 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/01/21 08:08:15.0531 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/01/21 08:08:15.0531 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/01/21 08:08:15.0562 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/01/21 08:08:15.0578 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/01/21 08:08:15.0656 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/01/21 08:08:15.0703 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/01/21 08:08:15.0750 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/01/21 08:08:15.0765 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/01/21 08:08:15.0796 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/01/21 08:08:15.0828 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/01/21 08:08:15.0859 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/01/21 08:08:15.0875 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/01/21 08:08:15.0890 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/01/21 08:08:15.0921 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/01/21 08:08:16.0000 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/01/21 08:08:16.0046 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/01/21 08:08:16.0109 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/01/21 08:08:16.0156 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/01/21 08:08:16.0171 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/01/21 08:08:16.0187 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/01/21 08:08:16.0203 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/01/21 08:08:16.0218 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/01/21 08:08:16.0250 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/01/21 08:08:16.0250 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/01/21 08:08:16.0265 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/01/21 08:08:16.0296 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/01/21 08:08:16.0343 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/01/21 08:08:16.0343 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/01/21 08:08:16.0375 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/01/21 08:08:16.0437 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/01/21 08:08:16.0484 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/01/21 08:08:16.0546 NetwareWorkstation (a48f743759ea1c7917eb21cadf75f566) C:\WINDOWS\system32\NetWare\nwfs.sys

2011/01/21 08:08:16.0546 NICM (d686538f37dff96042047930650ac88d) C:\WINDOWS\system32\drivers\nicm.sys

2011/01/21 08:08:16.0562 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/01/21 08:08:16.0609 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/01/21 08:08:16.0656 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys

2011/01/21 08:08:16.0671 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/01/21 08:08:16.0687 NWDHCP (a4b071419e0ea596ffb3da89c1f04e61) C:\WINDOWS\system32\NetWare\nwdhcp.sys

2011/01/21 08:08:16.0687 NWDNS (b6f69f4d4fae462574f3440070ac22ec) C:\WINDOWS\system32\NetWare\nwdns.sys

2011/01/21 08:08:16.0718 NWFILTER (3d8f24cbed28067e4c5a960ee67cdb19) C:\WINDOWS\system32\NetWare\nwfilter.sys

2011/01/21 08:08:16.0781 NWHOST (baa75acf404bebce7065663664a7c3e4) C:\WINDOWS\system32\NetWare\NWHOST.sys

2011/01/21 08:08:16.0796 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/01/21 08:08:16.0812 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/01/21 08:08:16.0828 NWSAP (2726a6792bbb080ff345ed9a8111360f) C:\WINDOWS\system32\NetWare\NWSAP.sys

2011/01/21 08:08:16.0859 NWSIPX32 (e00b0349cc3921225ad60728230d78be) C:\WINDOWS\system32\NetWare\nwsipx32.sys

2011/01/21 08:08:16.0875 NWSLP (10e02fc7585e495dd963031520ad2f0a) C:\WINDOWS\system32\NetWare\nwslp.sys

2011/01/21 08:08:16.0906 NWSNS (172308996609da67e99c87fa784df8bc) C:\WINDOWS\system32\NetWare\NWSNS.sys

2011/01/21 08:08:16.0937 PalmUSBD (803cf09c795290825607505d37819135) C:\WINDOWS\system32\drivers\PalmUSBD.sys

2011/01/21 08:08:16.0953 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/01/21 08:08:16.0968 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/01/21 08:08:17.0000 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/01/21 08:08:17.0015 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\WINDOWS\system32\DRIVERS\PBADRV.sys

2011/01/21 08:08:17.0109 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/01/21 08:08:17.0125 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/01/21 08:08:17.0140 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/01/21 08:08:17.0171 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/01/21 08:08:17.0171 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/01/21 08:08:17.0218 Point32 (e5582e43e167cf367757d81e9727da2a) C:\WINDOWS\system32\DRIVERS\point32.sys

2011/01/21 08:08:17.0250 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/01/21 08:08:17.0265 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/01/21 08:08:17.0265 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/01/21 08:08:17.0281 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/01/21 08:08:17.0296 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/01/21 08:08:17.0296 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/01/21 08:08:17.0312 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/01/21 08:08:17.0312 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/01/21 08:08:17.0343 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/01/21 08:08:17.0359 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/01/21 08:08:17.0437 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/01/21 08:08:17.0437 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/01/21 08:08:17.0453 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/01/21 08:08:17.0468 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/01/21 08:08:17.0484 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/01/21 08:08:17.0515 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/01/21 08:08:17.0531 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/01/21 08:08:17.0531 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/01/21 08:08:17.0578 RESMGR (382ec29aa5bbd5ea7e959167f9cdada2) C:\WINDOWS\system32\NetWare\resmgr.sys

2011/01/21 08:08:17.0609 SAVOnAccessControl (4041f1ab46a96a45ae4ac52cdc8c7a6c) C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys

2011/01/21 08:08:17.0609 SAVOnAccessFilter (6ccde94e1a04fcd919ad7d6d0746f9bc) C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys

2011/01/21 08:08:17.0640 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/01/21 08:08:17.0656 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/01/21 08:08:17.0671 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/01/21 08:08:17.0718 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys

2011/01/21 08:08:17.0734 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/01/21 08:08:17.0812 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/01/21 08:08:17.0843 SophosBootDriver (3bdf94e0827d13e44249a646f6c0eb7c) C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys

2011/01/21 08:08:17.0875 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/01/21 08:08:17.0906 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/01/21 08:08:17.0953 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/01/21 08:08:17.0968 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/01/21 08:08:18.0000 SRVLOC (9a44b2bacf48abba25cbd043770a7fcb) C:\WINDOWS\system32\NetWare\srvloc.sys

2011/01/21 08:08:18.0031 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/01/21 08:08:18.0078 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/01/21 08:08:18.0171 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/01/21 08:08:18.0187 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/01/21 08:08:18.0187 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/01/21 08:08:18.0203 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/01/21 08:08:18.0203 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/01/21 08:08:18.0234 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/01/21 08:08:18.0265 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/01/21 08:08:18.0281 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/01/21 08:08:18.0281 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/01/21 08:08:18.0296 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/01/21 08:08:18.0328 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/01/21 08:08:18.0359 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/01/21 08:08:18.0406 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/01/21 08:08:18.0437 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/01/21 08:08:18.0468 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/01/21 08:08:18.0546 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/01/21 08:08:18.0562 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/01/21 08:08:18.0578 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/01/21 08:08:18.0625 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/01/21 08:08:18.0656 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/01/21 08:08:18.0671 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/01/21 08:08:18.0718 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/01/21 08:08:18.0765 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/01/21 08:08:18.0843 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/01/21 08:08:18.0859 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/01/21 08:08:18.0906 vpnva (1b7c80c66742dafaa31f98af4c3a5bc2) C:\WINDOWS\system32\DRIVERS\vpnva.sys

2011/01/21 08:08:18.0937 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/01/21 08:08:18.0968 WavxDMgr (3703fd22341722fabfa284774d7bc4d4) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys

2011/01/21 08:08:19.0000 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2011/01/21 08:08:19.0062 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/01/21 08:08:19.0171 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2011/01/21 08:08:19.0218 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/01/21 08:08:19.0250 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/01/21 08:08:19.0250 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/01/21 08:08:19.0750 ================================================================================

2011/01/21 08:08:19.0750 Scan finished

2011/01/21 08:08:19.0750 ================================================================================

2011/01/21 08:08:19.0765 Detected object count: 1

2011/01/21 08:08:36.0171 \HardDisk0 - will be cured after reboot

2011/01/21 08:08:36.0171 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2011/01/21 08:09:01.0593 Deinitialize success

I did notice that the Recovery Console shows briefly before Windows startup. Have not seen "Generic Host Process" pop up (almost 30 minutes since reboot) and currently no new windows popping up in Firefox.

[LDTate]

2011/01/21 08:08:36.0171 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

Reboot if you haven't since that fix and we need to run TDSSKiller again after rebooting to be sure it's gone.

[piabads]

2011/01/21 09:22:25.0109 TDSS rootkit removing tool 2.4.14.0 Jan 18 2011 09:33:51

2011/01/21 09:22:25.0109 ================================================================================

2011/01/21 09:22:25.0109 SystemInfo:

2011/01/21 09:22:25.0109

2011/01/21 09:22:25.0109 OS Version: 5.1.2600 ServicePack: 3.0

2011/01/21 09:22:25.0109 Product type: Workstation

2011/01/21 09:22:25.0109 ComputerName: MBT

2011/01/21 09:22:25.0109 UserName: MBT

2011/01/21 09:22:25.0109 Windows directory: C:\WINDOWS

2011/01/21 09:22:25.0109 System windows directory: C:\WINDOWS

2011/01/21 09:22:25.0109 Processor architecture: Intel x86

2011/01/21 09:22:25.0109 Number of processors: 2

2011/01/21 09:22:25.0109 Page size: 0x1000

2011/01/21 09:22:25.0109 Boot type: Normal boot

2011/01/21 09:22:25.0109 ================================================================================

2011/01/21 09:22:25.0296 Initialize success

2011/01/21 09:22:27.0265 ================================================================================

2011/01/21 09:22:27.0265 Scan started

2011/01/21 09:22:27.0265 Mode: Manual;

2011/01/21 09:22:27.0265 ================================================================================

2011/01/21 09:22:28.0296 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/01/21 09:22:28.0312 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/01/21 09:22:28.0328 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/01/21 09:22:28.0375 ADIHdAudAddService (d80d1d73d1dbf38d0afe692c8bdc939a) C:\WINDOWS\system32\drivers\ADIHdAud.sys

2011/01/21 09:22:28.0406 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/01/21 09:22:28.0437 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/01/21 09:22:28.0484 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2011/01/21 09:22:28.0484 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/01/21 09:22:28.0500 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/01/21 09:22:28.0500 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/01/21 09:22:28.0515 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/01/21 09:22:28.0515 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/01/21 09:22:28.0531 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/01/21 09:22:28.0546 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/01/21 09:22:28.0609 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/01/21 09:22:28.0640 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/01/21 09:22:28.0656 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/01/21 09:22:28.0656 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/01/21 09:22:28.0687 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/01/21 09:22:28.0718 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/01/21 09:22:28.0750 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/01/21 09:22:28.0859 ati2mtag (8763ede3e0cd40f5c3450571ac57f205) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2011/01/21 09:22:28.0968 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/01/21 09:22:28.0984 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/01/21 09:22:29.0000 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/01/21 09:22:29.0031 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/01/21 09:22:29.0031 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/01/21 09:22:29.0062 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/01/21 09:22:29.0062 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/01/21 09:22:29.0093 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/01/21 09:22:29.0093 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/01/21 09:22:29.0109 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/01/21 09:22:29.0125 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/01/21 09:22:29.0156 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/01/21 09:22:29.0156 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/01/21 09:22:29.0171 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/01/21 09:22:29.0187 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS

2011/01/21 09:22:29.0203 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS

2011/01/21 09:22:29.0203 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

2011/01/21 09:22:29.0218 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS

2011/01/21 09:22:29.0218 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS

2011/01/21 09:22:29.0234 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS

2011/01/21 09:22:29.0234 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS

2011/01/21 09:22:29.0250 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS

2011/01/21 09:22:29.0265 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS

2011/01/21 09:22:29.0281 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS

2011/01/21 09:22:29.0312 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/01/21 09:22:29.0328 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/01/21 09:22:29.0328 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/01/21 09:22:29.0375 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/01/21 09:22:29.0531 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/01/21 09:22:29.0687 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/01/21 09:22:29.0703 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

2011/01/21 09:22:29.0718 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

2011/01/21 09:22:29.0750 e1kexpress (d60759140694150360bbefd9cab7c920) C:\WINDOWS\system32\DRIVERS\e1k5132.sys

2011/01/21 09:22:29.0781 ElRawDisk (b8eac99b14772bdc36ca963aed109fa2) C:\WINDOWS\system32\drivers\dddsk.sys

2011/01/21 09:22:29.0812 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/01/21 09:22:29.0843 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2011/01/21 09:22:29.0843 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/01/21 09:22:29.0859 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/01/21 09:22:29.0875 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/01/21 09:22:29.0875 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/01/21 09:22:29.0906 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/01/21 09:22:29.0937 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/01/21 09:22:30.0000 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/01/21 09:22:30.0015 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/01/21 09:22:30.0031 HECI (e4a123ad734a3731d29ebd3a01b3e535) C:\WINDOWS\system32\DRIVERS\HECI.sys

2011/01/21 09:22:30.0062 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/01/21 09:22:30.0093 HPFXBULK (e4e0b356a8756066cf89080d9da69f22) C:\WINDOWS\system32\drivers\hpfxbulk.sys

2011/01/21 09:22:30.0125 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/01/21 09:22:30.0171 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/01/21 09:22:30.0187 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/01/21 09:22:30.0218 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/01/21 09:22:30.0359 ialm (9acb03875cfe068d5cc0e98fb2cf7017) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

2011/01/21 09:22:30.0515 iaStor (707c1692214b1c290271067197f075f6) C:\WINDOWS\system32\drivers\iaStor.sys

2011/01/21 09:22:30.0546 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/01/21 09:22:30.0593 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/01/21 09:22:30.0593 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/01/21 09:22:30.0625 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/01/21 09:22:30.0640 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/01/21 09:22:30.0656 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/01/21 09:22:30.0671 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/01/21 09:22:30.0687 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/01/21 09:22:30.0703 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/01/21 09:22:30.0734 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/01/21 09:22:30.0750 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/01/21 09:22:30.0843 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/01/21 09:22:30.0875 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/01/21 09:22:30.0906 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/01/21 09:22:30.0937 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/01/21 09:22:30.0984 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/01/21 09:22:31.0000 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/01/21 09:22:31.0015 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/01/21 09:22:31.0031 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/01/21 09:22:31.0031 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/01/21 09:22:31.0078 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/01/21 09:22:31.0109 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/01/21 09:22:31.0156 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/01/21 09:22:31.0218 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/01/21 09:22:31.0250 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/01/21 09:22:31.0265 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/01/21 09:22:31.0281 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/01/21 09:22:31.0296 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/01/21 09:22:31.0328 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/01/21 09:22:31.0343 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/01/21 09:22:31.0359 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/01/21 09:22:31.0375 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/01/21 09:22:31.0390 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/01/21 09:22:31.0406 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/01/21 09:22:31.0421 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/01/21 09:22:31.0437 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/01/21 09:22:31.0515 NetwareWorkstation (a48f743759ea1c7917eb21cadf75f566) C:\WINDOWS\system32\NetWare\nwfs.sys

2011/01/21 09:22:31.0562 NICM (d686538f37dff96042047930650ac88d) C:\WINDOWS\system32\drivers\nicm.sys

2011/01/21 09:22:31.0562 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/01/21 09:22:31.0609 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/01/21 09:22:31.0656 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys

2011/01/21 09:22:31.0703 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/01/21 09:22:31.0718 NWDHCP (a4b071419e0ea596ffb3da89c1f04e61) C:\WINDOWS\system32\NetWare\nwdhcp.sys

2011/01/21 09:22:31.0734 NWDNS (b6f69f4d4fae462574f3440070ac22ec) C:\WINDOWS\system32\NetWare\nwdns.sys

2011/01/21 09:22:31.0750 NWFILTER (3d8f24cbed28067e4c5a960ee67cdb19) C:\WINDOWS\system32\NetWare\nwfilter.sys

2011/01/21 09:22:31.0765 NWHOST (baa75acf404bebce7065663664a7c3e4) C:\WINDOWS\system32\NetWare\NWHOST.sys

2011/01/21 09:22:31.0781 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/01/21 09:22:31.0781 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/01/21 09:22:31.0796 NWSAP (2726a6792bbb080ff345ed9a8111360f) C:\WINDOWS\system32\NetWare\NWSAP.sys

2011/01/21 09:22:31.0875 NWSIPX32 (e00b0349cc3921225ad60728230d78be) C:\WINDOWS\system32\NetWare\nwsipx32.sys

2011/01/21 09:22:31.0906 NWSLP (10e02fc7585e495dd963031520ad2f0a) C:\WINDOWS\system32\NetWare\nwslp.sys

2011/01/21 09:22:31.0921 NWSNS (172308996609da67e99c87fa784df8bc) C:\WINDOWS\system32\NetWare\NWSNS.sys

2011/01/21 09:22:31.0953 PalmUSBD (803cf09c795290825607505d37819135) C:\WINDOWS\system32\drivers\PalmUSBD.sys

2011/01/21 09:22:31.0984 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/01/21 09:22:32.0015 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/01/21 09:22:32.0031 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/01/21 09:22:32.0046 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\WINDOWS\system32\DRIVERS\PBADRV.sys

2011/01/21 09:22:32.0062 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/01/21 09:22:32.0078 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/01/21 09:22:32.0093 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/01/21 09:22:32.0156 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/01/21 09:22:32.0156 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/01/21 09:22:32.0203 Point32 (e5582e43e167cf367757d81e9727da2a) C:\WINDOWS\system32\DRIVERS\point32.sys

2011/01/21 09:22:32.0250 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/01/21 09:22:32.0265 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/01/21 09:22:32.0265 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/01/21 09:22:32.0281 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/01/21 09:22:32.0296 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/01/21 09:22:32.0296 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/01/21 09:22:32.0312 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/01/21 09:22:32.0312 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/01/21 09:22:32.0343 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/01/21 09:22:32.0359 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/01/21 09:22:32.0359 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/01/21 09:22:32.0375 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/01/21 09:22:32.0390 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/01/21 09:22:32.0421 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/01/21 09:22:32.0437 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/01/21 09:22:32.0437 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/01/21 09:22:32.0453 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/01/21 09:22:32.0468 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/01/21 09:22:32.0500 RESMGR (382ec29aa5bbd5ea7e959167f9cdada2) C:\WINDOWS\system32\NetWare\resmgr.sys

2011/01/21 09:22:32.0562 SAVOnAccessControl (4041f1ab46a96a45ae4ac52cdc8c7a6c) C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys

2011/01/21 09:22:32.0593 SAVOnAccessFilter (6ccde94e1a04fcd919ad7d6d0746f9bc) C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys

2011/01/21 09:22:32.0625 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/01/21 09:22:32.0640 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/01/21 09:22:32.0640 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/01/21 09:22:32.0671 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys

2011/01/21 09:22:32.0703 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/01/21 09:22:32.0718 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/01/21 09:22:32.0750 SophosBootDriver (3bdf94e0827d13e44249a646f6c0eb7c) C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys

2011/01/21 09:22:32.0765 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/01/21 09:22:32.0796 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/01/21 09:22:32.0828 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/01/21 09:22:32.0859 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/01/21 09:22:32.0937 SRVLOC (9a44b2bacf48abba25cbd043770a7fcb) C:\WINDOWS\system32\NetWare\srvloc.sys

2011/01/21 09:22:32.0953 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/01/21 09:22:33.0000 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/01/21 09:22:33.0015 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/01/21 09:22:33.0031 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/01/21 09:22:33.0031 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/01/21 09:22:33.0046 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/01/21 09:22:33.0046 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/01/21 09:22:33.0078 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/01/21 09:22:33.0109 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/01/21 09:22:33.0109 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/01/21 09:22:33.0125 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/01/21 09:22:33.0140 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/01/21 09:22:33.0171 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/01/21 09:22:33.0218 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/01/21 09:22:33.0281 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/01/21 09:22:33.0312 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/01/21 09:22:33.0343 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/01/21 09:22:33.0343 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/01/21 09:22:33.0390 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/01/21 09:22:33.0421 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/01/21 09:22:33.0453 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/01/21 09:22:33.0484 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/01/21 09:22:33.0515 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/01/21 09:22:33.0593 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/01/21 09:22:33.0640 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/01/21 09:22:33.0640 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/01/21 09:22:33.0671 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/01/21 09:22:33.0703 vpnva (1b7c80c66742dafaa31f98af4c3a5bc2) C:\WINDOWS\system32\DRIVERS\vpnva.sys

2011/01/21 09:22:33.0734 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/01/21 09:22:33.0750 WavxDMgr (3703fd22341722fabfa284774d7bc4d4) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys

2011/01/21 09:22:33.0796 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2011/01/21 09:22:33.0906 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/01/21 09:22:33.0953 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2011/01/21 09:22:34.0000 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/01/21 09:22:34.0015 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/01/21 09:22:34.0078 ================================================================================

2011/01/21 09:22:34.0078 Scan finished

2011/01/21 09:22:34.0078 ================================================================================

2011/01/21 09:25:50.0812 Deinitialize success

Everything appears to be operating normally; I still see Recovery Console for a brief moment before Windows startup but don't think that's a big problem.

THANK YOU!!

[LDTate]

Combofix installed the RC. It is good to have that incase you need to use it in the future.

Run a new Combofix scan

[LDTate]

Do you still need help with this?

[LDTate]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!