# Pop ups, invisible pop-ups and Audio Adverts?



## Baronyx (Aug 2, 2010)

I'm under the firm impression that my computer is infected.

I keep seeing pop-ups from 'Internet Explorer' claiming that I've won the prize for being the ten thousandth member or something similar (this is the only type of pop-up I have witnessed so far, though the 'pop' noise which plays often plays for no reason too).

I keep hearing what sound like adverts over my speakers. At first it was 'Gaviscon' adverts, and now I think it's probably some kind of video game advert (lots of swords clashing and music).

Another thing is that I keep hearing the double-click noise; it often plays a few dozen times and then stops.

I'm a regular PC gamer, and thus download a lot of (legal) mods and expansions. I scan all of these before opening, and it's all been clean since I can remember.

I'm currently using Avast home edition, Ad-aware and SUPERantispyware, and do regular scans on each. Every time I either get a couple of malwares up (Avast rarely finds anything) or nothing, but each time I finish the scan, the adverts still appear.

I'm not sure what else to do. I've scanned forums for anyone with a similar problem, but they all seem to have it resolved using the programs I listed. I wonder if anyone knows a better antivirus, or a manual removal? I'd really appreciate any help.


----------



## CatByte (Feb 24, 2009)

Hi

Please do the following:

Please download MBRCheck.exe to your desktop.

- Be sure to disable your security programs.
- Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
- A window will open on your desktop.
- If an unknown bootcode is found you will have further options available to you; at this time press *N* then press *Enter* twice.
- If nothing unusual is found just press *Enter*.
- A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
- Please post the contents of that file.

*NEXT*

Please download *DDS* from either of these links

*LINK 1* 
*LINK 2*

and save it to your *desktop.*

- Disable any script blocking protection.
- Double click *dds.pif* to run the tool.
- When done, two *DDS.txt's* will open.
- Save both reports to your *desktop.*
---------------------------------------------------
*Please include the contents of the following in your next reply:*

*DDS.txt*
*Attach.txt*.

*NEXT*

Download *GMER Rootkit Scanner* from *here* (http://www.gmer.net/download.php) to your desktop. It will be a randomly named executable.

 Double click the exe file.
 If it gives you a warning about rootkit activity and asks if you want to run scan...click on *NO*, then use the following settings for a more complete scan.



In the right panel, you will see several boxes that have been checked. Ensure the following are *unchecked*:

- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)

 Then click the Scan button & wait for it to finish. 
 Once done click on the *[Save..]* button, and in the File name area, type in *"Gmer.txt"* or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
_Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries._


----------



## Baronyx (Aug 2, 2010)

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line: 
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x009000bd

Kernel Drivers (total 143):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9EA7000 spfv.sys
0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB9E8F000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB9E61000 ACPI.sys
0xB9E50000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9E31000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9E0B000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9DF3000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xB9DD3000 fltmgr.sys
0xB9DC1000 sr.sys
0xBA0F8000 Lbd.sys
0xB9DAA000 KSecDD.sys
0xB9D1D000 Ntfs.sys
0xB9D09000 inspect.sys
0xB9CDC000 \WINDOWS\System32\DRIVERS\NDIS.SYS
0xBA338000 \WINDOWS\System32\DRIVERS\TDI.SYS
0xBA5AE000 speedfan.sys
0xB9CC2000 Mup.sys
0xBA671000 giveio.sys
0xBA198000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xB7269000 \SystemRoot\System32\DRIVERS\ati2mtag.sys
0xB7255000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xB7230000 \SystemRoot\System32\DRIVERS\HDAudBus.sys
0xBA498000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xB720C000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xBA4A8000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xBA2E8000 \SystemRoot\System32\DRIVERS\l1e51x86.sys
0xBA430000 \SystemRoot\System32\DRIVERS\fdc.sys
0xBA5F2000 \SystemRoot\System32\DRIVERS\ASACPI.sys
0xB9643000 \SystemRoot\System32\DRIVERS\serial.sys
0xB7B34000 \SystemRoot\System32\DRIVERS\serenum.sys
0xB95C3000 \SystemRoot\System32\DRIVERS\imapi.sys
0xB935A000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xB934A000 \SystemRoot\System32\DRIVERS\redbook.sys
0xB71E9000 \SystemRoot\System32\DRIVERS\ks.sys
0xBA3C0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB71B3000 \SystemRoot\System32\Drivers\aj1k2m9w.SYS
0xBA764000 \SystemRoot\System32\DRIVERS\audstub.sys
0xB933A000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xB7710000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB719C000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xB95B3000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xBA258000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xB718B000 \SystemRoot\System32\DRIVERS\psched.sys
0xBA268000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xB8DEA000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xBA458000 \SystemRoot\System32\DRIVERS\raspti.sys
0xB91BA000 \SystemRoot\system32\DRIVERS\hamachi.sys
0xB715B000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xBA288000 \SystemRoot\System32\DRIVERS\termdd.sys
0xBA3C8000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xBA3D8000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xBA2A8000 \SystemRoot\system32\drivers\SaiBus.sys
0xBA5FC000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB70FD000 \SystemRoot\System32\DRIVERS\update.sys
0xB981E000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xBA2F8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA5A0000 \SystemRoot\system32\DRIVERS\SaiMini.sys
0xBA308000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA488000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB9C9E000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xB931A000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xBA610000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xAAC28000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAAC04000 \SystemRoot\system32\drivers\portcls.sys
0xB930A000 \SystemRoot\system32\drivers\drmk.sys
0xB917A000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xAAB8E000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0xBA630000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7E6000 \SystemRoot\System32\Drivers\Null.SYS
0xBA614000 \SystemRoot\System32\Drivers\Beep.SYS
0xB8E0A000 \SystemRoot\System32\drivers\vga.sys
0xBA618000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA63C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB8DFA000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB8DE2000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB7E96000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xAAB5B000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xAAB02000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xBA3E8000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0xAAAB4000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xBA1C8000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xB92DA000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xAAA8C000 \SystemRoot\System32\DRIVERS\netbt.sys
0xAAA6A000 \SystemRoot\System32\drivers\afd.sys
0xB95F3000 \SystemRoot\System32\DRIVERS\netbios.sys
0xAAA37000 \SystemRoot\System32\drivers\truecrypt.sys
0xBA3B8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xAAA15000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xBA3F0000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xAA9EA000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xAA97A000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xBA5A4000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xBA168000 \SystemRoot\System32\Drivers\Fips.SYS
0xAA953000 \SystemRoot\System32\Drivers\aswSP.SYS
0xBA578000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xBA5CC000 \SystemRoot\system32\drivers\AsIO.sys
0xBA470000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xAA935000 \SystemRoot\system32\DRIVERS\SaiK0728.sys
0xBA208000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xAA892000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xB9148000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA92BC000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA636000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA90D000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA4A0000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7CF000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF060000 \SystemRoot\System32\ati2cqag.dll
0xBF0FC000 \SystemRoot\System32\atikvmag.dll
0xBF196000 \SystemRoot\System32\atiok3x2.dll
0xBF1FC000 \SystemRoot\System32\ati3duag.dll
0xBF557000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA687F000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xA68A3000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xA64D4000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA5A08000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xA5911000 \SystemRoot\System32\DRIVERS\srv.sys
0xA5629000 \??\C:\WINDOWS\system32\FsUsbExDisk.SYS
0xBA460000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xA541D000 \SystemRoot\system32\drivers\wdmaud.sys
0xA5541000 \SystemRoot\system32\drivers\sysaudio.sys
0xA4E80000 \SystemRoot\System32\Drivers\HTTP.sys
0xA46FA000 \SystemRoot\system32\drivers\kmixer.sys
0xA46A3000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\daemon.dll

Processes (total 44):
0 System Idle Process
4 SYSTEM
872 smss.exe
960 csrss.exe
992 winlogon.exe
1036 services.exe
1048 lsass.exe
1232 ati2evxx.exe
1252 svchost.exe
1280 svchost.exe
1392 svchost.exe
1672 cmdagent.exe
1700 svchost.exe
1940 svchost.exe
208 ati2evxx.exe
244 svchost.exe
292 svchost.exe
556 AvastSvc.exe
1436 spoolsv.exe
1476 Ad-AwareAdmin.exe
1856 svchost.exe
2008 mDNSResponder.exe
232 FsUsbExService.Exe
1308 hamachi-2.exe
1600 jqs.exe
1992 PnkBstrA.exe
2064 SeaPort.exe
2276 svchost.exe
2476 ViewpointService.exe
3560 alg.exe
1796 C:\WINDOWS\explorer.exe
2320 wltuser.exe
2508 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
2696 C:\WINDOWS\RTHDCPL.exe
3824 SCServer.exe
1572 C:\WINDOWS\system32\ATWTUSB.EXE
2244 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2768 C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
3112 C:\Program Files\Java\jre6\bin\jusched.exe
3472 C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
3188 C:\Program Files\Java\jre6\bin\jucheck.exe
3292 C:\Program Files\Mozilla Firefox\firefox.exe
3128 C:\WINDOWS\system32\wscntfy.exe
3924 C:\Documents and Settings\Toby\Desktop\MBRCheck.exe

\\.\C: --> error 5
\\.\U: --> error 2
\\.\X: --> error 5

PhysicalDrive0 Model Number: <error opening>
PhysicalDrive1 Model Number: <error opening>

Size Device Name MBR Status
--------------------------------------------
ERROR Opening: \\.\PhysicalDrive0 (5)
ERROR Opening: \\.\PhysicalDrive1 (5)

Done!

________________

*(At this point, the program gave me a message claiming that Windows could not find a specific .PIF file.)

DDS (Ver_10-03-17.01) - NTFSx86 
Run by Toby at 18:02:32.56 on 02/08/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1238 [GMT 1:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Toby\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.hopsurf.com
uSearch Page = hxxp://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://uk.search.yahoo.com
mDefault_Page_URL = hxxp://uk.yahoo.com
mDefault_Search_URL = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
mSearch Page = hxxp://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://uk.search.yahoo.com
mStart Page = hxxp://www.koower.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Steam] "x:\program files\steam\Steam.exe" -silent
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [<NO NAME>] 
mRun: [NPSStartup] 
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [atwtusb] atwtusb.exe beta
mRun: [SaiVolume] c:\program files\saitek\cyborgkeyboard\SaiVolume.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SmartDefrag] "c:\program files\iobit\iobit smartdefrag\IObit SmartDefrag.exe" /StartUp
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230146335625
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230147284531
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {3108FE8B-786E-4A04-B82E-AF43703306E6} = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\toby\applic~1\mozilla\firefox\profiles\7q668paw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=chrff-brandt_off&type=000134X001US&p=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-27 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-10 165456]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-6-4 229312]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-1 25240]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-10 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-10 40384]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-6-1 1778480]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-6-22 233472]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-23 24652]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-6-22 36608]
R3 SaiK0728;SaiK0728;c:\windows\system32\drivers\SaiK0728.sys [2010-1-26 104960]
S1 aiptektp;HyperPen;c:\windows\system32\drivers\aiptektp.sys [2010-1-21 22272]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1352832]
S2 TraiHelper;Tomb Raider Advanced Installer Multiprocessor Helper;c:\tombraid\traisvcs.exe --> c:\tombraid\TRAISVCS.EXE [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-10 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-10 40384]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2009-2-10 31872]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2010-1-30 50048]

=============== Created Last 30 ================

2010-07-28 12:05:57 0 d--h--w- C:\VritualRoot
2010-07-28 11:56:39 0 d-----w- c:\docume~1\alluse~1\applic~1\COMODO
2010-07-28 11:42:29 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo Downloader
2010-07-28 08:27:41 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-27 17:41:34 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-27 17:41:00 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-27 16:26:56 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-27 16:25:33 0 d-----w- c:\program files\Lavasoft
2010-07-27 16:17:22 0 d-----w- c:\docume~1\toby\applic~1\SUPERAntiSpyware.com
2010-07-27 16:17:22 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-07-27 16:16:56 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-27 15:55:01 4724 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-07-27 15:41:03 0 d-----w- c:\windows\system32\wbem\Repository
2010-07-10 21:43:47 38848 ----a-w- c:\windows\avastSS.scr
2010-07-04 15:10:47 0 d-----w- c:\windows\DD1865F0AD7340FBB23E1822E02396FF.TMP
2010-07-04 15:10:27 0 d-----w- c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP

==================== Find3M ====================

2010-07-11 18:12:48 406016 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-06-19 15:44:22 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-06-19 15:44:22 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-06-04 10:55:58 229312 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-06-01 18:00:52 278288 ----a-w- c:\windows\system32\guard32.dll
2010-05-04 17:20:39 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20:34 78336 ------w- c:\windows\system32\ieencode.dll
2010-05-04 17:20:32 17408 ----a-w- c:\windows\system32\corpol.dll
2006-06-24 22:48:54 32768 ----a-r- c:\windows\inf\UpdateUSB.exe

============= FINISH: 18:02:49.00 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 24/12/2008 18:38:01
System Uptime: 08/02/2010 03:30:49 (4215 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5Q SE
Processor: Intel Pentium III Xeon processor | LGA775 | 2659/266mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 70.218 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is CDROM ()
H: is CDROM ()
X: is FIXED (NTFS) - 466 GiB total, 236.93 GiB free.

==== Disabled Device Manager Items =============

Class GUID: 
Description: Audio Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&6605F67&0&0001
Manufacturer: 
Name: Audio Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&6605F67&0&0001
Service:

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

7-Zip 4.65
Acrobat.com
Ad-Aware
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 9.1
Adobe Setup
Adobe Shockwave Player 11.5
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AIM Toolbar
Alien Swarm
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
ATI Display Driver
Audacity 1.2.6
avast! Free Antivirus
Batman: Arkham Asylum
BioShock 2
BitTorrent
Bonjour
Borderlands
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCleaner
COMODO Internet Security
Counter-Strike: Source Beta
DAEMON Tools Toolbar
Damnation
Dead Space
Deus Ex: Game of the Year Edition
Deus Ex: Invisible War
DNA
Download Updater (AOL LLC)
Dragon Age: Origins
Driver Detective
EA Download Manager
F.E.A.R.
F.E.A.R.: Extraction Point
F.E.A.R.: Perseus Mandate
Fallout 3 - The Garden of Eden Creation Kit
Fallout Mod Manager 0.9.13
Fraps
GameRanger
Google Earth
Google SketchUp 7
Google Update Helper
Graph 4.3
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB938759)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iTunes
Java(TM) 6 Update 17
Java(TM) 6 Update 7
Junk Mail filter update
League of Legends
leogeo_timebeat
LogMeIn Hamachi
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money
Microsoft Money System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Xbox 360 Accessories 1.1
Mozilla Firefox (3.5.11)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
NecroVisioN
NVIDIA PhysX
Oblivion
Oblivion - BTmod 2.20
Oblivion mod manager 1.1.12
OpenOffice.org 3.0
Opera 9.63
Overlord
Overlord II
Overlord: Raising Hell
Pando Media Booster
PC Connectivity Solution
PDF Settings
Pharaoh
Predator Race Mod for TES IV 6.0
Prototype(TM)
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
Roll
Saitek Cyborg Keyboard Volume 6.2.1.3
Saitek SD6 Programming Software 6.2.1.3
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
Samsung New PC Studio USB Driver Installer
SamsungConnectivityCableDriver
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Segoe UI
Skype 3.8
Smart Defrag
SpeedFan (remove only)
SPORE
Stalker Complete 2009 v1.4.3
Star Wars: The Force Unleashed
Steam
SUPERAntiSpyware
The Lord of the Rings Online: Siege of Mirkwood v03.00.05.801
Thief - Deadly Shadows
Tomb Raider - The Last Revelation
Tomb Raider Chronicles
TortoiseSVN 1.6.6.17493 (32 bit)
Trine
TrueCrypt
Ultima IX
Unofficial Oblivion Patch v3.2.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VDMSound
Ventrilo Client
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Warcraft III: All Products
WC3Banlist
WebFldrs XP
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Presentation Foundation
Windows XP Service Pack 3
WinPcap 3.1
WinRAR archiver
Wireless Tablet Series
Works Suite OS Pack
World of Warcraft FREE Trial
Wurm Online 2.6.9c
Wurm Online 2.6.9d
Wurm Online 2.7.0
Wurm Online 2.7.1
Wurm Online 2.7.1c
Wurm Online 2.7.1d
Wurm Online 2.7.3-2617
Wurm Online 2.7.3-2648
Wurm Online 2.7.3-2649
Wurm Online 2.7.3-2651
Wurm Online 2.7.4-2655
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

30/07/2010 22:31:23, error: Service Control Manager [7022] - The WebClient service hung on starting.
30/07/2010 13:07:57, error: Service Control Manager [7034] - The Dragon Age: Origins - Content Updater service terminated unexpectedly. It has done this 1 time(s).
27/07/2010 21:23:54, error: Service Control Manager [7000] - The Tomb Raider Advanced Installer Multiprocessor Helper service failed to start due to the following error: The system cannot find the file specified.
27/07/2010 21:22:21, error: ati2mtag [43038] - EDID contain an error in the RangeLimit field
27/07/2010 20:11:27, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
27/07/2010 17:10:06, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
27/07/2010 17:09:13, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
27/07/2010 16:53:38, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
27/07/2010 16:53:35, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
27/07/2010 16:53:31, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
27/07/2010 16:53:22, error: Service Control Manager [7034] - The LogMeIn Hamachi 2.0 Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).
27/07/2010 16:53:13, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
27/07/2010 16:53:13, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
27/07/2010 16:53:13, error: Service Control Manager [7034] - The FsUsbExService service terminated unexpectedly. It has done this 1 time(s).
27/07/2010 16:53:13, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
27/07/2010 16:51:01, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
27/07/2010 16:50:42, error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.
27/07/2010 14:45:11, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
27/07/2010 14:44:52, error: Service Control Manager [7000] - The Remote Registry service failed to start due to the following error: The pipe state is invalid.
27/07/2010 14:44:52, error: Service Control Manager [7000] - The Alerter service failed to start due to the following error: The pipe state is invalid.
27/07/2010 14:30:50, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
27/07/2010 14:19:43, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
27/07/2010 14:18:10, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
27/07/2010 14:17:47, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AsIO aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip truecrypt
27/07/2010 14:17:47, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
27/07/2010 14:17:47, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
27/07/2010 14:17:47, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
27/07/2010 14:17:47, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
27/07/2010 14:17:47, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
27/07/2010 14:17:47, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
26/07/2010 12:17:48, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Dragon Age: Origins - Content Updater service to connect.

==== End Of File ===========================

I downloaded the GMER rootkit scanner, but was unable to get any results, as when I activated the file, my computer simply shut down (and took some serious effort to get back up; I had to disable 'automatic shutdown upon system error').

Is this a problem? Can you tell me how to fix that? (All of my Antiviruses were disabled like you said)

Thank you so much for your help


----------



## CatByte (Feb 24, 2009)

Hi

Try running GMER in safe mode with just the "sections" and the "C:\" drive checked.

If it still won't run, try this scanner instead:

Please download this file, and save it to your *Desktop*.


Once you have downloaded it, save and close all other programs and run it by double-clicking on the file named "RootRepeal.exe".

Once the main window shows up, please click on the "Report" button on the bottom of the window.

Next, please click the "Scan" button.

Another window will pop up asking you to select what to include in the scan.

Please *uncheck* everything except for the *"Stealth Code"* checkbox, and then click *OK*.

Once the program has finished scanning, the results will appear.

Click on the *"Save Report"* button, and save the report to your *desktop*.

Finally, please open this report with Notepad, and *post it here*.


----------



## Baronyx (Aug 2, 2010)

I'm receiving an error upon using Rootrepeal.

ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows XP SP3
Exception Code: 0xc0000005
Exception Address: 0x00409ca5
Attempt to write to address: 0x0000000c

The program simply will not run


----------



## CatByte (Feb 24, 2009)

Hi,

Please do the following:

Download *ComboFix* from here

VERY IMPORTANT !!! Save ComboFix.exe to your *Desktop*

* IMPORTANT - *Disable your AntiVirus and AntiSpyware applications*, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on *ComboFix.exe* & follow the prompts.
As part of its process, *ComboFix will check to see if the Microsoft Windows Recovery Console* is installed. With malware infections being as they are today, it's *strongly recommended* to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
*Please note:* If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

*Click on Yes*, to continue scanning for malware.
When finished, it shall produce a log for you. *Please include the C:\ComboFix.txt in your next reply.*
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


----------



## Baronyx (Aug 2, 2010)

Well, I ran the program, and it installed the restore function thing.

It auto-restarted a couple of times before scanning for malware, at which point it got to 'stage 50' or so, and blue-screened on me.

I haven't touched it since, and there's no text file.


----------



## CatByte (Feb 24, 2009)

Hi

Please check at c:\combofix.txt

If there is no log there, then please boot into safe mode and re-run the program.

To enter safe mode > reboot > tap F8 repeatedly on boot up until an advanced menu appears > arrow up to Safe Mode


----------



## Baronyx (Aug 2, 2010)

Sorry I haven't replied in so long, I've been on holiday.

After the crash I mentioned above, I haven't met the pop-ups or the audio ads... Does this mean the fix worked, and the virus is gone? Or is this just wishful thinking?

I guess I'm trying to put off the massive scan, because it's a pretty important computer, and having it out of action for so long isn't easy.


Sorry if I'm being stupid.


----------



## CatByte (Feb 24, 2009)

I'm sorry, I won't know till I see a ComboFix log


----------



## Baronyx (Aug 2, 2010)

Okay, I'll get onto that ASAP in safe mode.

Will it work on my account? Or do I need to do it on 'Administrator'? The program does not show up on Administrator :/


----------



## CatByte (Feb 24, 2009)

You can do it on your account.


----------



## Baronyx (Aug 2, 2010)

Two small problems:

ComboFix claims to be out of date,

And there is no real way of deactivating my Avast Antivirus... I have turned all of the scanners off, but ComboFix still warned me. Is this enough?

*Edit:*

On that note, does ComboFix require user input? Or can I leave it on overnight to do its thing?

Thanks


----------



## CatByte (Feb 24, 2009)

Hi

Delete the copy of ComboFix that you have on your desktop and download a fresh copy from the following link.

Yes, ComboFix does require a little user input in the beginning.

It shouldn't take that long to scan.

*Link 1*


----------



## Baronyx (Aug 2, 2010)

ComboFix 10-08-25.01 - Toby 26/08/2010 12:21:13.2.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1762 [GMT 1:00]
Running from: c:\documents and settings\Toby\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 )))))))))))))))))))))))))))))))
.

2010-08-06 21:05 . 2010-08-06 21:05 48128 ----a-w- c:\documents and settings\Toby\Application Data\Samsung\New PC Studio\LiveUpdate\Setup_Full_Update_NPS2_10064_2.exe
2010-08-06 20:42 . 2010-08-06 20:42 -------- d-----w- c:\program files\MarkAnyContentSAFER
2010-08-06 18:31 . 2010-08-06 20:37 89280248  ----a-w- c:\documents and settings\Toby\Application Data\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
2010-08-06 18:25 . 2010-08-06 18:25 -------- d-----w- c:\program files\MarkAny
2010-08-03 00:24 . 2010-08-03 00:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-07-30 17:08 . 2010-07-30 17:08 -------- d-----w- c:\documents and settings\Toby\Local Settings\Application Data\PCHealth
2010-07-28 12:05 . 2010-07-28 12:05 -------- d-----w- C:\VritualRoot
2010-07-28 11:56 . 2010-07-28 12:06 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
2010-07-28 11:42 . 2010-07-28 11:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-07-27 19:10 . 2010-07-27 19:10 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-07-27 17:41 . 2010-07-27 17:41 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-27 16:27 . 2010-07-27 16:27 -------- d-----w- c:\documents and settings\Toby\Local Settings\Application Data\Sunbelt Software
2010-07-27 16:25 . 2010-08-26 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-27 16:17 . 2010-07-27 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-27 15:51 . 2010-07-27 15:51 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2010-07-27 15:41 . 2010-07-27 15:41 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-27 13:20 . 2010-07-27 15:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 02:23 . 2009-01-19 11:43 1 ----a-w- c:\documents and settings\Toby\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-22 11:52 . 2009-07-11 13:26 -------- d-----w- c:\documents and settings\Toby\Application Data\GetRightToGo
2010-08-06 20:45 . 2008-12-24 19:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-06 20:40 . 2007-10-25 16:26 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-08-06 18:26 . 2009-06-22 17:51 -------- d-----w- c:\documents and settings\Toby\Application Data\Samsung
2010-08-06 18:25 . 2009-06-22 17:50 -------- d-----w- c:\program files\PC Connectivity Solution
2010-08-06 18:24 . 2009-06-22 17:49 -------- d-----w- c:\program files\Samsung
2010-07-28 13:19 . 2008-12-24 23:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-28 11:45 . 2010-02-15 19:40 -------- d-----w- c:\program files\COMODO
2010-07-25 00:40 . 2008-12-24 23:46 -------- d-----w- c:\program files\Warcraft III
2010-07-21 18:16 . 2008-12-24 22:14 -------- d-----w- c:\documents and settings\Toby\Application Data\Skype
2010-07-21 17:24 . 2008-12-24 22:16 -------- d-----w- c:\documents and settings\Toby\Application Data\skypePM
2010-07-11 18:32 . 2010-07-11 18:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Comodo
2010-07-11 18:12 . 2010-02-15 19:51 406016 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-07-10 21:43 . 2010-02-12 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-07-10 21:43 . 2008-12-24 21:52 -------- d-----w- c:\program files\Alwil Software
2010-07-04 15:10 . 2010-02-17 17:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-30 12:31 . 2003-03-31 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 20:57 . 2010-07-10 21:43 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-07-10 21:43 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-07-10 21:45 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-07-10 21:45 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-07-10 21:45 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-07-10 21:45 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-07-10 21:45 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-07-10 21:45 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-07-10 21:45 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-24 12:15 . 2003-03-31 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2003-03-31 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-23 13:44 . 2003-03-31 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2003-03-31 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-19 15:44 . 2010-06-19 15:44 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-06-19 15:44 . 2010-06-19 15:44 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-06-17 14:03 . 2003-03-31 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-12-24 18:35 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2003-03-31 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-04 10:55 . 2010-06-04 10:55 229312 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-06-01 18:00 . 2010-06-01 18:00 278288 ----a-w- c:\windows\system32\guard32.dll
2010-06-01 18:00 . 2010-06-01 18:00 87824 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-06-01 18:00 . 2010-06-01 18:00 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-06-01 18:00 . 2010-06-01 18:00 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 18:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 18:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 18:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 18:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 18:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 18:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 18:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 18:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 18:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="x:\program files\Steam\Steam.exe" [2010-08-24 1242448]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-08-06 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"atwtusb"="atwtusb.exe beta" [X]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-13 16871936]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304]
"SaiVolume"="c:\program files\Saitek\CyborgKeyboard\SaiVolume.exe" [2008-01-18 126976]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SmartDefrag"="c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2010-03-26 2708312]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Toby^Start Menu^Programs^Startup^GameRanger.lnk]
path=c:\documents and settings\Toby\Start Menu\Programs\Startup\GameRanger.lnk
backup=c:\windows\pss\GameRanger.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Toby^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Toby\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2007-05-10 22:46 624248 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2010-08-06 20:40 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-02-02 01:32 342848 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-02-06 18:17 3325952 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-03-12 20:56 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 10:16 1820040 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProfilerU]
2008-01-18 17:35 233472 ----a-w- c:\program files\Saitek\SD6\Software\ProfilerU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 16:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiMfd]
2008-01-18 17:36 131072 ----a-w- c:\program files\Saitek\SD6\Software\SaiMfd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2006-12-21 16:05 731976 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Adobe Version Cue CS3"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Activision\\Prototype\\prototypef.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash CS3\\Flash.exe"=
"c:\\Program Files\\Codemasters\\The Lord of the Rings Online\\lotroclient.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Electronic Arts\\Dead Space\\Dead Space.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Eidos\\Batman Arkham Asylum\\Binaries\\ShippingPC-BmGame.exe"=
"c:\\Program Files\\Codemasters\\Damnation\\Binaries\\DamnGame.exe"=
"x:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\Toby\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\grand theft auto iv\\RGSC\\RGSCLauncher.exe"=
"x:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\bioshock 2\\SP\\Builds\\Binaries\\Bioshock2Launcher.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\bioshock 2\\MP\\Builds\\Binaries\\Bioshock2Launcher.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\bioshock 2\\SP\\Builds\\Binaries\\Bioshock2.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\deus ex\\System\\DeusEx.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\deus ex invisible war\\System\\dx2.exe"=
"x:\\Program Files\\Steam\\steamapps\\dateavampire\\team fortress 2\\hl2.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\fallout 3\\Fallout3.exe"=
"x:\\Program Files\\League of Legends\\Air\\LolClient.exe"=
"x:\\Program Files\\League of Legends\\Game\\League of Legends.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\grand theft auto iv\\GTAIV\\LaunchGTAIV.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\fear ultimate shooter edition\\FEAR.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\fear ultimate shooter edition\\FEARXP2\\FEARXP2.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\fear ultimate shooter edition\\FEARXP\\FEARXP.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\stalker shadow of chernobyl\\bin\\XR_3DA.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\overlord ii\\Overlord2.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\overlord ii\\Config.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\overlord\\Overlord.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\overlord\\Config.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\trine\\trine_launcher.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator\\AvP_Launcher.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator\\AvP_DX11.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator\\AvP.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\champions online\\Champions Online.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\borderlands\\Binaries\\Borderlands.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"x:\\Program Files\\Steam\\steamapps\\dateavampire\\counter-strike source\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:*:Disabled:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:*:Disabled:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:*:Disabled:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:*:Disabled:Adobe Version Cue CS3 Server
"6112:TCP"= 6112:TCP:warcraft 
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"58536:TCP"= 58536:TCP:Pando Media Booster
"58536:UDP"= 58536:UDP:Pando Media Booster
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"6986:TCP"= 6986:TCP:League of Legends Launcher
"6986:UDP"= 6986:UDP:League of Legends Launcher
"6921:TCP"= 6921:TCP:League of Legends Launcher
"6921:UDP"= 6921:UDP:League of Legends Launcher
"6949:TCP"= 6949:TCP:League of Legends Launcher
"6949:UDP"= 6949:UDP:League of Legends Launcher
"6932:TCP"= 6932:TCP:League of Legends Launcher
"6932:UDP"= 6932:UDP:League of Legends Launcher

S1 aiptektp;HyperPen;c:\windows\system32\drivers\aiptektp.sys [21/01/2010 18:02 22272]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/07/2010 22:45 165456]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [04/06/2010 11:55 229312]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [01/06/2010 19:00 25240]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/07/2010 22:45 17744]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [22/06/2009 18:51 233472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [07/02/2010 18:35 135664]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30/03/2010 11:16 1107336]
S2 TraiHelper;Tomb Raider Advanced Installer Multiprocessor Helper;c:\tombraid\TRAISVCS.EXE --> c:\tombraid\TRAISVCS.EXE [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [23/06/2009 03:50 24652]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [15/12/2009 21:07 25832]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [22/06/2009 18:51 36608]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [02/08/2005 22:10 32512]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [10/02/2009 17:23 31872]
S3 SaiK0728;SaiK0728;c:\windows\system32\drivers\SaiK0728.sys [26/01/2010 16:52 104960]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [30/01/2010 20:54 50048]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26/01/2009 19:31 717296]
.
Contents of the 'Scheduled Tasks' folder

2010-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 17:35]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 17:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hopsurf.com
mStart Page = hxxp://www.koower.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: {3108FE8B-786E-4A04-B82E-AF43703306E6} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Toby\Application Data\Mozilla\Firefox\Profiles\7q668paw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NPSStartup - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-RGSC - c:\program files\steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-AIM Toolbar - c:\program files\AIM Toolbar\uninstall.exe
AddRemove-Fallout Mod Manager_is1 - c:\program files\steam\steamapps\common\fallout 3\fomm\uninstall\unins000.exe
AddRemove-Predator Race Mod for TES IV - c:\program files\Bethesda Softworks\Oblivion\uninst.exe
AddRemove-Unofficial Oblivion Patch_is1 - c:\program files\Bethesda Softworks\Oblivion\Unofficial Oblivion Patch\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-26 12:30
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1409082233-2077806209-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:85,34,bf,45,77,5a,82,e7,de,b7,45,42,a8,aa,73,d1,43,84,83,52,60,
1b,2c,f9,96,92,c6,4b,55,56,bc,54,e7,a7,aa,97,ea,c6,8a,bb,83,0d,52,98,72,63,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\=*'| "ò]
"DisplayName"="?\11???"
"DeviceDesc"="?\11???"
"ProviderName"=""
"MFG"="?S?SÑ"
"ReinstallString"="c:\\WINDOWS\\System32\\ReinstallBackups\\=???\\DriverFiles\\.INF"
"DeviceInstanceIds"=multi:"\0c\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\Zjõw*`E]
"DisplayName"="????????"
"DeviceDesc"="????????"
"ProviderName"=""
"MFG"="\\CurrentControlSet\\Services\\ati2mtag\\Device0"
"ReinstallString"="?"
"DeviceInstanceIds"=multi:"\0c\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ìÑ*põw]
"DisplayName"="????????"
"DeviceDesc"="????????"
"ProviderName"=""
"MFG"="\\CurrentControlSet\\Services\\ati2mtag\\Device0"
"ReinstallString"="?"
"DeviceInstanceIds"=multi:"\0c\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(256)
c:\windows\system32\guard32.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(312)
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(612)
c:\windows\system32\guard32.dll
c:\windows\system32\WININET.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-08-26 12:33:42
ComboFix-quarantined-files.txt 2010-08-26 11:33

Pre-Run: 74,100,625,408 bytes free
Post-Run: 74,325,213,184 bytes free

- - End Of File - - E35CC6D0B14E1F83F6E3E029F7F39624

*Edit:*

I know it says Avast and Comodo were active, but Comodo I had no way to deactivate (my tray icons don't show up in safe mode) and Avast had all of its scanners deactivated.

I hope that's not a big problem...

*Update:*

I'm experiencing issues trying to install certain programs now. Apparently my Administrator user account lacks administrative privileges...

I checked around this forum, and that seems to be a common symptom of virus damage to registry folders or something... Is there any way to fix this without an OS reinstall?


----------



## CatByte (Feb 24, 2009)

Can you please see if the first log is located at c:\qoobox\combofix2.txt?

If you find it there, please post it.

Thanks


----------



## Baronyx (Aug 2, 2010)

2010-08-26 11:32:48 . 2010-08-26 11:32:48 1,934 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Unofficial Oblivion Patch_is1.reg.dat
2010-08-26 11:32:48 . 2010-08-26 11:32:48 808 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Predator Race Mod for TES IV.reg.dat
2010-08-26 11:32:48 . 2010-08-26 11:32:48 2,174 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Fallout Mod Manager_is1.reg.dat
2010-08-26 11:32:48 . 2010-08-26 11:32:48 644 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-AIM Toolbar.reg.dat
2010-08-26 11:32:41 . 2010-08-26 11:32:41 640 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-swg.reg.dat
2010-08-26 11:32:41 . 2010-08-26 11:32:41 678 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-RGSC.reg.dat
2010-08-26 11:32:38 . 2010-08-26 11:32:39 146 ----a-w- C:\Qoobox\Quarantine\Registry_backups\ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}.reg.dat
2010-08-26 11:32:35 . 2010-08-26 11:32:35 97 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NPSStartup.reg.dat
2010-08-03 01:05:24 . 2010-08-26 11:27:18 7,402 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-08-03 00:51:17 . 2010-08-03 00:51:16 512 ----a-w- C:\Qoobox\Quarantine\MBR_HardDisk1.mbr
2010-08-03 00:51:16 . 2010-08-03 00:51:16 512 ----a-w- C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2010-08-03 00:36:52 . 2010-08-26 11:18:03 204 ----a-w- C:\Qoobox\Quarantine\catchme.log

I had that, on 'Combofix-quarantined-files'

And under 'add-remove programs'

7-Zip 4.65
Acrobat.com
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 9.1
Adobe Setup
Adobe Shockwave Player 11.5
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AIM Toolbar
Alien Swarm
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
ATI Display Driver
Audacity 1.2.6
avast! Free Antivirus
Batman: Arkham Asylum
BioShock 2
BitTorrent
Bonjour
Borderlands
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCleaner
Champions Online
COMODO Internet Security
Counter-Strike: Source Beta
DAEMON Tools Toolbar
Damnation
Dead Space™
Deus Ex: Game of the Year Edition
Deus Ex: Invisible War
DNA
Download Updater (AOL LLC)
Dragon Age: Origins
Driver Detective
EA Download Manager
F.E.A.R.
F.E.A.R.: Extraction Point
F.E.A.R.: Perseus Mandate
Fallout 3 - The Garden of Eden Creation Kit
Fallout Mod Manager 0.9.13
Fraps
GameRanger
Google Earth
Google SketchUp 7
Google Update Helper
Graph 4.3
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB938759)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iTunes
Java(TM) 6 Update 17
Java(TM) 6 Update 7
Junk Mail filter update
League of Legends
leogeo_timebeat
LogMeIn Hamachi
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money
Microsoft Money System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Xbox 360 Accessories 1.1
Mozilla Firefox (3.5.11)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
NecroVisioN
NVIDIA PhysX
Oblivion
Oblivion - BTmod 2.20
Oblivion mod manager 1.1.12
OpenOffice.org 3.0
Opera 9.63
Overlord
Overlord II
Overlord: Raising Hell
Pando Media Booster
PC Connectivity Solution
PDF Settings
Pharaoh
Predator Race Mod for TES IV 6.0
Prototype(TM)
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
Roll
Saitek Cyborg Keyboard Volume 6.2.1.3
Saitek SD6 Programming Software 6.2.1.3
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
Samsung New PC Studio USB Driver Installer
SamsungConnectivityCableDriver
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Skype™ 3.8
Smart Defrag
SpeedFan (remove only)
SPORE™
Stalker Complete 2009 v1.4.3
Star Wars: The Force Unleashed
Steam
The Lord of the Rings Online™: Siege of Mirkwood™ v03.00.05.801
Thief - Deadly Shadows
Tomb Raider - The Last Revelation
Tomb Raider Chronicles
TortoiseSVN 1.6.6.17493 (32 bit)
Trine
TrueCrypt
Ultima IX
Unofficial Oblivion Patch v3.2.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VDMSound
Ventrilo Client
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Warcraft III: All Products
WC3Banlist
WebFldrs XP
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Presentation Foundation
Windows XP Service Pack 3
WinPcap 3.1
WinRAR archiver
Wireless Tablet Series
Works Suite OS Pack
World of Warcraft FREE Trial
Wurm Online 2.6.9c
Wurm Online 2.6.9d
Wurm Online 2.7.0
Wurm Online 2.7.1
Wurm Online 2.7.1c
Wurm Online 2.7.1d
Wurm Online 2.7.3-2617
Wurm Online 2.7.3-2648
Wurm Online 2.7.3-2649
Wurm Online 2.7.3-2651
Wurm Online 2.7.4-2655
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar

Nothing more.


----------



## CatByte (Feb 24, 2009)

Hi

Please do the following

Please download *Malwarebytes' Anti-Malware*

Double Click *mbam-setup.exe* to install the application.
Make sure a *checkmark* is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click *Finish.*
If an update is found, it will download and install the latest version.
Once the program has loaded, select *"Perform Quick Scan"*, then click *Scan.*
The scan may take some time to finish, so please be patient.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Make sure that everything is checked, and click *Remove Selected*. <-- very important
When disinfection is completed, a *log* will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


*NEXT*

**Vista/Win7 users - right click on the IE icon and run as administrator

*Run an on-line scan with Kaspersky*

Using Internet Explorer or Firefox, visit *Kaspersky On-line Scanner*

*1.* Click *Accept*, when prompted to download and install the program files and database of malware definitions. 
*2.* To optimize scanning time and produce a more sensible report for review:

Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan
*3.* Click *Run* at the Security prompt. 
The program will then begin downloading and installing and will also update the database. 
Please be patient as this can take several minutes. 

Once the update is complete, click on *My Computer* under the green *Scan* bar to the left to start the scan. 
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. 
Do *NOT* be alarmed by what you see in the report. Many of the finds have likely been quarantined. 
Click *View scan report* at the bottom.
Click the *Save as Text* button to save the file to your desktop so that you may post it in your next reply


----------



## Baronyx (Aug 2, 2010)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4531

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

02/09/2010 17:22:06
mbam-log-2010-09-02 (17-22-06).txt

Scan type: Quick scan
Objects scanned: 139705
Time elapsed: 9 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

___________________________________________

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, September 3, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, September 02, 2010 11:57:07
Records in database: 4178649
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
X:\

Scan statistics:
Objects scanned: 349039
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 07:02:08

File name / Threat / Threats count
C:\Qoobox\Quarantine\MBR_HardDisk0.mbr Infected: Trojan-Clicker.Win32.Wistler.a 1
C:\Qoobox\Quarantine\MBR_HardDisk1.mbr Infected: Trojan-Clicker.Win32.Wistler.a 1

Selected area has been scanned.


----------



## CatByte (Feb 24, 2009)

Just housekeeping to do now

please do the following:

Visit *ADOBE* and download the latest version of Acrobat Reader (version 9.3)
Having the latest updates ensures there are no security vulnerabilities in your system.

*NEXT*

*Your Java is out of date.* Older versions have vulnerabilities that malware can use to infect your system. *Please follow these steps to remove older version Java components and update.*

Download the latest version of *Java Runtime Environment (JRE) 21* and save it to your desktop.
Scroll down to where it says *JDK 6 Update 21 (JDK or JRE)*
Click the *Download JRE* button to the right
Select the *Windows* platform from the dropdown menu.
Read the License Agreement and then check the box that says: "_I agree to the Java SE Runtime Environment 6u21 with JavaFX 1 License Agreement_". Click on *Continue.* The page will refresh.
Click on the link to download *Windows Offline Installation* and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on *Add or Remove Programs* and remove all older versions of Java.
Check (_highlight_) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
Click the *Remove* or *Change/Remove* button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on *jre-6u21-windows-i586-p.exe* to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
On the General tab, under Temporary Internet Files, click the *Settings* button.
Next, click on the Delete Files button
There are two options in the window to clear the cache - *Leave BOTH Checked*

*Applications and Applets
Trace and Log Files*

Click OK on Delete Temporary Files Window

*Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.*
Click OK to leave the Temporary Files Window
Click OK to leave the Java Control Panel.


*NEXT*

You can delete the *MBRCheck*, *DDS* and *GMER* logs and programs from your desktop.

*NEXT*

*Follow these steps to uninstall Combofix*


Make sure your security programs are totally disabled.
Click *START* then *RUN*
Now copy/paste *Combofix /uninstall* into the *runbox* and click *OK.* Note the *space* between the *..X* and the */U*, it needs to be there.

If there are any logs/tools remaining > right click and delete them.

*NEXT*

Below I have included a number of recommendations for how to protect your computer against malware infections.


It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article *Strong passwords: How to create and use them*. Then consider a *password keeper,* to keep all your passwords safe.

Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest security updates installed.

*Make Internet Explorer more secure*
Click *Start* > *Run*
Type *Inetcpl.cpl* & click *OK*
Click on the *Security* tab
Click *Reset all zones to default level*
Make sure the *Internet Zone* is selected & Click *Custom level*
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click *OK*, then *Apply* button and then *OK* to exit the Internet Properties page.

*Download* *TFC* *to your desktop*
Close any open windows.
Double click the *TFC* icon to run the program
TFC *will close all open programs itself* in order to run, 
Click the *Start* button to begin the process. 
Allow *TFC* to run uninterrupted.
The program should not take long to finish its job
Once it's finished it should automatically *reboot your machine,*
if it doesn't, manually reboot to ensure a complete clean
*It's normal after running TFC cleaner that the PC will be slower to boot the first time.*

*WOT*, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
*Green* to go 
*Yellow* for caution 
*Red* to stop
 WOT has an addon available for both Firefox and IE

*Keep a backup of your important files* - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

*ERUNT* (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
*Think Prevention.*
*PC Safety and Security--What Do I Need?.*

*Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.*

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.


----------



## Baronyx (Aug 2, 2010)

Thank you so much for helping me get rid of that.
I do have one last issue, I'm not sure if it belongs in another thread?...

I think the Infection my PC had has corrupted some of my registry or something...
My user account, which is in Administrator groups, with full privileges, is unable to install/uninstall certain programs because Windows claims that I need to be running as an administrator?

I don't know if this was caused by the virus or what... 

Do i need to make a new thread for this?


----------



## CatByte (Feb 24, 2009)

Hi,

See if this works,

this will restore the security settings back to their default settings:

Start Menu - type in Search box -> *CMD* find at top - Right Click on - *RUN AS ADMIN*

Copy and Paste the following at the command prompt :

*secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose*

Hit Enter,

let me know if that helps


----------



## Baronyx (Aug 2, 2010)

I received an error; and this recorded Log:

-------------------------------------------
Friday, September 03, 2010 10:23:07 PM
Warning 2: The system cannot find the file specified.
Error opening C:\WINDOWS\inf\defltbase.inf.
----Configuration engine was initialized with one or more errors.----


----Un-initialize configuration engine...




Eh...


----------



## CatByte (Feb 24, 2009)

OK,

The original issue is likely due to a permission issue.

Try running system file checker

1. Open an elevated command prompt. > Open the Start Menu.
Click on *All Programs and Accessories*, then *right click* on *Command Prompt* and click on *Run as administrator*.

2. In the elevated command prompt, type *sfc /scannow* and press *Enter*.

3. When the scan is complete, hopefully you will see all is *ok*

4. When done, close the elevated command prompt.


----------



## Baronyx (Aug 2, 2010)

It wants me to insert my windows CD to copy some files to DLL or something.

I don't have my Windows CD anymore I don't think :/


----------



## CatByte (Feb 24, 2009)

do you know which specific files are missing? we may be able to download them

or do you know anyone with an installation disk you could borrow?

and my apologies, I gave you instructions for Vista/Win7 OS, rather than XP, but I see you figured it out, my mistake, sorry.

One other thing > your MBAM log says "no action taken" > did you copy that log before you deleted those items? I just want to make certain you allowed MBAM to delete those entries.
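
The check discussed above (whether a saved MBAM log still shows "No action taken") can be automated. This is an added example, not part of the original thread: a small parser for the MBAM 1.x text-log layout seen in this thread. The sample log, its registry key and its detection names are constructed placeholders, and the status strings other than "No action taken" are assumed typical wording.

```python
import re
from dataclasses import dataclass

# Constructed sample in the MBAM 1.x text-log layout shown in the thread.
# Keys, paths and detection names are placeholders, not real indicators.
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.46

Scan type: Quick scan
Objects scanned: 1000

Registry Keys Infected: 2
Files Infected: 1

Registry Keys Infected:
HKEY_USERS\\.DEFAULT\\SOFTWARE\\Example\\{00000000-0000-0000-0000-000000000000} (Example.Detection) -> No action taken.
HKEY_USERS\\S-1-5-18\\SOFTWARE\\Example\\{00000000-0000-0000-0000-000000000000} (Example.Detection) -> Quarantined and deleted successfully.

Files Infected:
C:\\Example\\sample (copy).dll (Example.Detection) -> Delete on reboot.
"""


@dataclass
class Finding:
    category: str   # section the item was listed under
    obj: str        # registry key, file or folder
    detection: str  # vendor detection name
    action: str     # action text as written in the log
    status: str     # not_removed, pending_reboot, removed or unknown


# "Files Infected: 1" is a summary count; "Files Infected:" opens a section.
COUNT_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")
SECTION_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")
# The greedy object group keeps parentheses inside paths with the object,
# so only the last "(...)" before " -> " is taken as the detection name.
ITEM_RE = re.compile(r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")


def classify(action):
    """Map the free-text action onto a remediation status."""
    a = action.lower()
    if a.startswith("no action taken"):
        return "not_removed"
    if "on reboot" in a:
        return "pending_reboot"
    if "successfully" in a:
        return "removed"
    return "unknown"


def parse_mbam_log(text):
    """Return (summary counts, itemised findings) from one log."""
    counts, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m["cat"]] = int(m["n"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["cat"]
            continue
        m = ITEM_RE.match(line)
        if m and section:
            findings.append(Finding(section, m["obj"], m["name"],
                                    m["action"], classify(m["action"])))
    return counts, findings


def triage(text):
    """Flag items still present and logs whose item lists look truncated."""
    counts, findings = parse_mbam_log(text)
    listed = {}
    for f in findings:
        listed[f.category] = listed.get(f.category, 0) + 1
    return {
        "not_removed": [f for f in findings if f.status == "not_removed"],
        "pending_reboot": [f for f in findings if f.status == "pending_reboot"],
        # Summary says N items but fewer or more are listed: partial paste.
        "count_mismatch": sorted(c for c, n in counts.items()
                                 if listed.get(c, 0) != n),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for f in result["not_removed"]:
        print("still present:", f.obj, "-", f.detection)
    for f in result["pending_reboot"]:
        print("reboot needed:", f.obj)
    print("count mismatches:", result["count_mismatch"])
```

A log saved before clicking *Remove Selected* reports every item as not removed, so a rescan or the later log from the Logs tab is the reliable confirmation.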


----------



## Baronyx (Aug 2, 2010)

Oh, Yes I saved the log before I realized I had to remove the infected files. I'm almost certain.


----------



## CatByte (Feb 24, 2009)

have you had any luck locating a disk?


----------



## Baronyx (Aug 2, 2010)

I have a friend who may still have his Windows XP disk, but a CD key is probably out of the question now. Will I need one of those for the scan?


----------



## CatByte (Feb 24, 2009)

no you won't need your product key, it just needs the disk to replace any missing files it needs


----------



## Baronyx (Aug 2, 2010)

Oh that should be okay then. Probably won't be able to get the disk until Monday though. I'll post an update then


----------



## Baronyx (Aug 2, 2010)

I did the cmd prompt scan, with a Windows disk, but the user account still isn't considered 'Administrator'. I will try again today to see if it missed something, but are there any other options?


----------



## CatByte (Feb 24, 2009)

Hi

You need to run it from an *elevated command prompt*

Go to Start > type *cmd*

when the command prompt appears in the top window > right click on the Command Prompt and click *Run as administrator.*

In the elevated command prompt, type *sfc /scannow* and press Enter.

When the scan is complete, hopefully you will see all is ok

When done, close the elevated command prompt.


----------



## Baronyx (Aug 2, 2010)

I've done that scan twice now and It hasn't seemed to have helped; Should I try in safe mode? or is that pointless


----------



## CatByte (Feb 24, 2009)

Hi,

I must apologize, I mixed this thread up with a similar one and I have been giving you instructions for a Vista operating system and not an XP, my mistake,

Your user account has become corrupted. The easiest way to correct this is to create another user account for yourself giving it administrator privileges, copy over the data from the old account to the new, then delete the old corrupted account

Instructions for doing so can be found here

http://support.microsoft.com/kb/811151


----------



## Baronyx (Aug 2, 2010)

That link is useful, but doesn't Verify a few of my concerns, I was wondering; Do i simply transfer my User data over accounts? Or do i need to reinstall every program and move all files?


----------



## CatByte (Feb 24, 2009)

You shouldn't have any issues, you just copy over from the corrupted account to the new

here's some more tips

http://www.kellys-korner-xp.com/win_xp_logon.htm#usercopy

http://thedailyreviewer.com/xphelp/...ings-into-a-new-user-account-on-xp-1011281845


----------



## Baronyx (Aug 2, 2010)

Okay the account is made, programs seem to have loaded over fine,

However I was wondering, If my User account is corrupt; Won't carrying over the previous user data (from the corrupt account) Just make the new one corrupt?

I have no idea how the files and systems work for users, but Those websites don't seem to cover it :/


----------



## CatByte (Feb 24, 2009)

just copying the files over won't corrupt the new profile.


use the new profile opening all your usual programs...how is the machine running

Please run a fresh DDS and Attach.txt and advise if there are any outstanding issues


----------



## Baronyx (Aug 2, 2010)

Well I tried to carry over the user data, and now it's told me an error occurred; that I cannot move the data because either the disk is write-protected or the file is in use.

I am moving it from a 3rd account, unlinked to the Mover and the movee, as it were.
What am i supposed to do now?

This computer seems to get more broken as I fix it!


----------



## CatByte (Feb 24, 2009)

try using the method outlined in this MS article

what are you doing specifically when you get the error message

http://support.microsoft.com/kb/811151


----------



## Baronyx (Aug 2, 2010)

At the time of the error: I am logged on as an administrator account I've called 'Temp Admin', have checked the appropriate boxes to show system files etc, and am trying to move my user data from 'Main' to 'New'. The error occurs almost instantly.


----------



## CatByte (Feb 24, 2009)

Hi

try using the Fix-it button on this page

it should reset those permissions

http://support.microsoft.com/kb/949377


----------



## Baronyx (Aug 2, 2010)

The fix it program will not install. gets to about 90% of the installer bar and stops.

I cannot uninstall to fix this, as the program has not yet fully installed, and doesn't appear on my add/remove programs.

The endless list of things wrong continues 

*Edit:*

Took almost a whole day but it did it for some odd reason...

No program has been visibly installed though... Does it fix things on its own or what...


----------



## CatByte (Feb 24, 2009)

Yes, it should fix it on its own

Please advise how the computer is running and if there are any outstanding issues.


----------



## Baronyx (Aug 2, 2010)

Well I keep getting I/O errors when inserting CDs into the Drive, But I feel this is probably a hardware issue, as it randomly works sometimes. 

The computer is, however, freezing occasionally, looping the sound it was playing at the time, all of this for about 15-20 seconds each time. I'm told this might be overheating? But I'm not sure if this ever happened before the virus


----------



## CatByte (Feb 24, 2009)

Please post another set of diagnostic logs so I can take a look, see if there is anything I've missed

I'll give you the full instructions again:

Please download MBRCheck.exe to your desktop.

Be sure to disable your security programs
Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
A window will open on your desktop
if an unknown bootcode is found you will have further options available to you, at this time press *N* then press *Enter* twice.
If nothing unusual is found just press *Enter*
A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop. 
Please post the contents of that file.

*NEXT*

Please download *DDS* from either of these links

*LINK 1* 
*LINK 2*

and save it to your *desktop.*

Disable any script blocking protection
Double click *dds.pif* to run the tool.
When done, two *DDS.txt's* will open. 
Save both reports to your *desktop.*
---------------------------------------------------
*Please include the contents of the following in your next reply:*

*DDS.txt*
*Attach.txt*.

*NEXT*

Scan With RootKitUnHooker


Please Download *Rootkit Unhooker* and save it to your desktop.
Now double-click on *RKUnhookerLE.exe* to run it.
Click the *Report* tab, then click *Scan*.
Check (Tick) *Drivers and Stealth*
Uncheck the rest. then click *OK*
When prompted to Select Disks for Scan, make sure *C:\* is checked and click OK
Wait till the scanner has finished and then click *File > Save Report.*
Save the report somewhere where you can find it. Click *Close.*
Copy the entire contents of the report and paste it in your next reply.

_Note** you may get the following warning, just click *OK* and continue.

*"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"*_


----------



## Baronyx (Aug 2, 2010)

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line: 
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0080000d

Kernel Drivers (total 131):

Processes (total 44):
0 System Idle Process
4 SYSTEM
764 C:\WINDOWS\system32\smss.exe
812 csrss.exe
844 C:\WINDOWS\system32\winlogon.exe
888 C:\WINDOWS\system32\services.exe
900 C:\WINDOWS\system32\lsass.exe
1072 C:\WINDOWS\system32\ati2evxx.exe
1092 C:\WINDOWS\system32\svchost.exe
1172 svchost.exe
1532 C:\WINDOWS\system32\svchost.exe
1668 svchost.exe
1792 svchost.exe
1948 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1956 C:\WINDOWS\system32\ati2evxx.exe
664 C:\WINDOWS\system32\spoolsv.exe
1992 svchost.exe
408 C:\Program Files\Bonjour\mDNSResponder.exe
488 C:\WINDOWS\system32\FsUsbExService.Exe
1440 C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
1512 C:\Program Files\Java\jre6\bin\jqs.exe
1588 C:\WINDOWS\system32\PnkBstrA.exe
1736 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
540 C:\WINDOWS\system32\svchost.exe
1268 C:\Program Files\Viewpoint\Common\ViewpointService.exe
2508 alg.exe
2896 C:\WINDOWS\explorer.exe
3136 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
3148 C:\WINDOWS\system32\ATWTUSB.EXE
468 C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
3456 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3780 C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
3928 C:\WINDOWS\system32\svchost.exe
3980 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3996 C:\WINDOWS\RTHDCPL.EXE
4028 C:\Program Files\Pando Networks\Media Booster\PMB.exe
3660 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
1244 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
4036 C:\Program Files\Mozilla Firefox\firefox.exe
264 C:\Program Files\Mozilla Firefox\plugin-container.exe
3360 X:\Program Files\Steam\Steam.exe
3708 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2616 C:\WINDOWS\system32\wscntfy.exe
3476 C:\Documents and Settings\Tobocom\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\X: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3250410AS, Rev: 4.AAA 
PhysicalDrive1 Model Number: WDCWD5001AALS-00L3B2, Rev: 01.03B01

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
465 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

______________________________

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
X:\Program Files\Steam\Steam.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Tobocom\My Documents\Downloads\dds.com

============== Pseudo HJT Report ===============

mStart Page = hxxp://www.koower.com/
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
mRun: [atwtusb] atwtusb.exe beta
mRun: [SaiVolume] c:\program files\saitek\cyborgkeyboard\SaiVolume.exe
mRun: [SmartDefrag] "c:\program files\iobit\iobit smartdefrag\IObit SmartDefrag.exe" /StartUp
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230146335625
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230147284531
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {3108FE8B-786E-4A04-B82E-AF43703306E6} = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tobocom\applic~1\mozilla\firefox\profiles\3dzd0g8g.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-10 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-10 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-10 40384]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-6-22 233472]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-23 24652]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-6-22 36608]
R3 SaiK0728;SaiK0728;c:\windows\system32\drivers\SaiK0728.sys [2010-1-26 104960]
S1 aiptektp;HyperPen;c:\windows\system32\drivers\aiptektp.sys [2010-1-21 22272]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
S2 TraiHelper;Tomb Raider Advanced Installer Multiprocessor Helper;c:\tombraid\traisvcs.exe --> c:\tombraid\TRAISVCS.EXE [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-10-24 1691480]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-10 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-10 40384]
S3 cpuz132;cpuz132;\??\c:\docume~1\toby\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\toby\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2009-2-10 31872]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2010-1-30 50048]

=============== Created Last 30 ================

2010-11-07 19:40:45 15256 ----a-w- c:\docume~1\tobocom\applic~1\microsoft\identitycrl\production\ppcrlconfig.dll
2010-11-04 15:56:57 -------- d-----w- c:\docume~1\tobocom\locals~1\applic~1\The Lord of the Rings Online
2010-11-04 15:51:59 -------- d-----w- c:\docume~1\tobocom\locals~1\applic~1\Turbine
2010-11-04 15:17:45 -------- d-----w- c:\docume~1\tobocom\locals~1\applic~1\Fallout3
2010-11-04 07:59:08 -------- d-----w- c:\docume~1\tobocom\applic~1\TrueCrypt
2010-11-03 23:40:03 -------- d-----w- c:\docume~1\tobocom\locals~1\applic~1\PMB Files
2010-11-03 23:39:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\PMB Files
2010-10-26 19:45:58 -------- d-----w- c:\program files\oZone3D
2010-10-24 19:46:39 359016 ----a-w- c:\windows\vncutil.exe
2010-10-24 19:46:31 54888 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-10-24 19:46:31 129640 ----a-w- c:\windows\RtkAudioService.exe
2010-10-24 19:46:18 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2010-10-24 19:46:13 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2010-10-24 15:41:01 -------- d-----w- c:\program files\StarCraft II
2010-10-24 15:41:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2010-10-24 13:15:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment.temp
2010-10-22 23:46:41 -------- d-----w- c:\windows\system32\NtmsData
2010-10-19 14:44:37 -------- d-----w- c:\docume~1\tobocom\applic~1\Polynomial
2010-10-19 03:04:52 -------- d-----w- c:\docume~1\tobocom\applic~1\Malwarebytes
2010-10-17 15:59:45 -------- d-----w- c:\docume~1\tobocom\applic~1\Mount&Blade
2010-10-16 12:28:24 -------- d-----w- c:\documents and settings\tobocom\Tracing

==================== Find3M ====================

2010-10-05 17:11:48 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2010-10-05 17:11:48 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2010-10-05 17:11:48 1833576 ----a-w- c:\windows\SkyTel.exe
2010-10-05 17:11:36 9721960 ----a-w- c:\windows\RTLCPL.EXE
2010-10-05 17:11:36 1489512 ----a-w- c:\windows\RtlUpd.exe
2010-10-05 17:11:12 19580520 ----a-w- c:\windows\RTHDCPL.EXE
2010-10-05 17:10:50 2180712 ----a-w- c:\windows\MicCal.exe
2010-10-05 17:10:38 64104 ----a-w- c:\windows\ALCMTR.EXE
2010-10-05 17:10:38 285288 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2010-10-05 17:10:38 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2010-09-29 12:11:02 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-11 01:57:20 57344 ----a-w- c:\windows\system32\aticalrt.dll
2010-09-11 01:57:14 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-09-11 01:56:02 4419584 ----a-w- c:\windows\system32\aticaldd.dll
2010-09-11 01:54:56 16248832 ----a-w- c:\windows\system32\atioglxx.dll
2010-09-11 01:50:34 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-09-11 01:43:44 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-09-11 01:42:48 300544 ----a-w- c:\windows\system32\ati2dvag.dll
2010-09-11 01:39:06 3942880 ----a-w- c:\windows\system32\ati3duag.dll
2010-09-11 01:29:12 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-09-11 01:26:58 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-09-11 01:26:46 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-09-11 01:26:40 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-09-11 01:26:34 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-09-11 01:26:24 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-09-11 01:25:38 2669312 ----a-w- c:\windows\system32\ativvaxx.dll
2010-09-11 01:25:14 606208 ----a-w- c:\windows\system32\ati2evxx.exe
2010-09-11 01:24:02 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-09-11 01:23:12 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-09-11 01:19:56 634880 ----a-w- c:\windows\system32\atikvmag.dll
2010-09-11 01:18:14 192512 ----a-w- c:\windows\system32\atiadlxx.dll
2010-09-11 01:17:56 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-09-11 01:13:12 696320 ----a-w- c:\windows\system32\ati2cqag.dll
2010-09-11 01:11:50 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-09-11 01:11:50 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38:01 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57:57 389120 ----a-w- c:\windows\system32\html.iec
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
2010-09-03 14:52:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-03 14:52:02 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 22:37:29.73 ===============
_____________________________

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/24/2008 6:38:01 PM
System Uptime: 11/11/2010 7:27:00 AM (15 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5Q SE
Processor: Intel Pentium III Xeon processor | LGA775 | 2660/266mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 38.339 GiB free.
D: is CDROM ()
X: is FIXED (NTFS) - 466 GiB total, 202.79 GiB free.

==== Disabled Device Manager Items =============

Class GUID: 
Description: Audio Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&6605F67&0&0001
Manufacturer: 
Name: Audio Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&6605F67&0&0001
Service:

==== System Restore Points ===================

RP189: 6/27/2010 10:29:30 AM - System Checkpoint
RP190: 6/29/2010 9:52:38 PM - System Checkpoint
RP191: 7/1/2010 9:46:36 AM - System Checkpoint
RP192: 7/3/2010 4:56:35 PM - System Checkpoint
RP193: 7/4/2010 4:07:40 PM - Installed DirectX
RP194: 7/4/2010 6:33:33 PM - Installed DirectX
RP195: 7/6/2010 4:07:05 PM - System Checkpoint
RP196: 7/8/2010 7:17:37 AM - System Checkpoint
RP197: 7/10/2010 11:08:15 AM - System Checkpoint
RP198: 7/10/2010 10:43:01 PM - avast! Free Antivirus Setup
RP199: 7/12/2010 3:48:18 PM - System Checkpoint
RP200: 7/14/2010 11:44:25 PM - Software Distribution Service 3.0
RP201: 7/17/2010 1:07:32 PM - System Checkpoint
RP202: 7/20/2010 3:43:59 AM - System Checkpoint
RP203: 7/22/2010 1:29:00 PM - System Checkpoint
RP204: 7/25/2010 6:26:15 PM - System Checkpoint
RP205: 7/26/2010 10:07:25 PM - System Checkpoint
RP206: 7/27/2010 2:30:48 PM - Restore Operation
RP207: 7/27/2010 4:33:45 PM - Restore Operation
RP208: 7/28/2010 12:29:55 PM - Unsigned driver install
RP209: 7/28/2010 12:44:52 PM - Installed COMODO Internet Security
RP210: 7/31/2010 5:19:26 AM - System Checkpoint
RP211: 8/3/2010 1:39:17 AM - ComboFix created restore point
RP212: 8/4/2010 12:13:48 AM - Software Distribution Service 3.0
RP213: 8/6/2010 7:15:44 PM - Removed Samsung New PC Studio
RP214: 8/6/2010 7:23:39 PM - Installed Samsung New PC Studio
RP215: 8/6/2010 9:43:53 PM - Installed Samsung New PC Studio Full Update
RP216: 8/19/2010 1:01:41 AM - Software Distribution Service 3.0
RP217: 8/23/2010 11:57:18 AM - System Checkpoint
RP218: 9/3/2010 3:35:37 PM - Removed Java(TM) 6 Update 15
RP219: 9/3/2010 3:37:00 PM - Removed Java(TM) 6 Update 7
RP220: 9/3/2010 3:42:09 PM - Removed League of Legends
RP221: 9/3/2010 3:51:33 PM - Installed Java(TM) 6 Update 21
RP222: 9/5/2010 11:43:51 AM - System Checkpoint
RP223: 9/6/2010 6:50:05 PM - Removed Adobe Reader 9.1.
RP224: 9/6/2010 6:51:21 PM - Installed Adobe Reader 9.3.4.
RP225: 9/6/2010 11:12:16 PM - Installed League of Legends
RP226: 9/8/2010 8:17:40 AM - Software Distribution Service 3.0
RP227: 9/8/2010 6:40:00 PM - Installed League of Legends
RP228: 9/9/2010 4:06:37 PM - Removed League of Legends
RP229: 9/10/2010 10:45:14 PM - Removed COMODO Internet Security
RP230: 9/15/2010 11:37:48 PM - Software Distribution Service 3.0
RP231: 9/17/2010 4:25:52 PM - System Checkpoint
RP232: 9/17/2010 5:45:44 PM - Removed Driver Detective.
RP233: 9/17/2010 5:46:24 PM - Installed Driver Detective.
RP234: 9/17/2010 6:07:42 PM - Removed Apple Mobile Device Support
RP235: 9/17/2010 6:10:00 PM - Removed World of Warcraft FREE Trial
RP236: 9/17/2010 6:11:37 PM - Removed Driver Detective.
RP237: 9/18/2010 5:43:44 PM - Installed League of Legends
RP238: 9/23/2010 6:16:25 PM - System Checkpoint
RP239: 9/29/2010 11:19:22 PM - Software Distribution Service 3.0
RP240: 10/4/2010 6:13:53 PM - Installed DirectX
RP241: 10/4/2010 6:23:54 PM - Installed GameSpy Comrade.
RP242: 10/9/2010 12:16:47 AM - Software Distribution Service 3.0
RP243: 10/10/2010 11:15:22 AM - Installed Microsoft Games for Windows - LIVE Redistributable
RP244: 10/10/2010 11:16:23 AM - Removed Microsoft Games for Windows - LIVE Redistributable
RP245: 10/10/2010 11:39:49 AM - Installed BioShock 2
RP246: 10/12/2010 4:46:29 PM - Installed League of Legends
RP247: 10/12/2010 4:54:16 PM - Removed League of Legends
RP248: 10/12/2010 5:44:17 PM - Installed League of Legends
RP249: 10/13/2010 11:32:41 PM - Software Distribution Service 3.0
RP250: 10/19/2010 8:22:40 PM - Removed League of Legends
RP251: 10/19/2010 8:59:57 PM - Installed League of Legends
RP252: 10/19/2010 10:40:11 PM - Installed League of Legends
RP253: 10/19/2010 10:43:19 PM - Removed League of Legends
RP254: 10/19/2010 11:33:39 PM - Installed League of Legends
RP255: 10/22/2010 10:44:30 PM - Installed Microsoft Fix it 50389
RP256: 10/22/2010 11:28:09 PM - Restore Operation
RP257: 10/24/2010 8:46:11 PM - Installed Realtek High Definition Audio Driver
RP258: 10/27/2010 2:44:57 PM - System Checkpoint
RP259: 10/28/2010 5:38:48 PM - Installed DirectX
RP260: 11/3/2010 8:21:44 AM - Removed League of Legends
RP261: 11/4/2010 3:49:31 PM - Installed DirectX
RP262: 11/4/2010 3:50:19 PM - Installed DirectX
RP263: 11/5/2010 1:42:35 AM - Installed League of Legends
RP264: 11/5/2010 10:25:51 AM - Removed League of Legends
RP265: 11/5/2010 10:28:14 AM - Installed League of Legends
RP266: 11/5/2010 1:49:35 PM - Installed DirectX
RP267: 11/10/2010 11:08:46 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Acrobat.com
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 9.4.0
Adobe Setup
Adobe Shockwave Player 11.5
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Alien Swarm
Amnesia: The Dark Descent
Apple Software Update
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
ATI Catalyst Registration
Audacity 1.2.6
avast! Free Antivirus
Batman: Arkham Asylum
BioShock 2
Bonjour
Borderlands
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
CCleaner
Champions Online
Counter-Strike: Source Beta
Damnation
Dead Space™
Deus Ex: Game of the Year Edition
Deus Ex: Invisible War
Download Updater (AOL LLC)
Dracula: Origin
Dragon Age: Origins
EA Download Manager
F.E.A.R.
F.E.A.R.: Extraction Point
F.E.A.R.: Perseus Mandate
Fallout 3 - The Garden of Eden Creation Kit
Fraps
GameSpy Comrade
Google Earth
Google SketchUp 7
Google Update Helper
Graph 4.3
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB938759)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iTunes
Java Auto Updater
Java(TM) 6 Update 21
Junk Mail filter update
Killing Floor
League of Legends
Left 4 Dead 2
leogeo_timebeat
LogMeIn Hamachi
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money
Microsoft Money System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Xbox 360 Accessories 1.1
Mozilla Firefox (3.6.12)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
NecroVisioN
Numen: Contest of Heroes
NVIDIA PhysX
Oblivion
Oblivion - BTmod 2.20
Oblivion mod manager 1.1.12
OpenOffice.org 3.0
Opera 9.63
Overlord
Overlord II
Overlord: Raising Hell
oZone3D.Net FurMark v1.8.2
Pando Media Booster
PC Connectivity Solution
PDF Settings
Pharaoh
Prototype(TM)
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
Red Faction: Guerrilla 
Roll
Saitek Cyborg Keyboard Volume 6.2.1.3
Saitek SD6 Programming Software 6.2.1.3
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
Samsung New PC Studio USB Driver Installer
SamsungConnectivityCableDriver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype™ 3.8
Smart Defrag
SpeedFan (remove only)
SPORE™
Stalker Complete 2009 v1.4.3
Star Wars: The Force Unleashed
StarCraft II
Steam
The Lord of the Rings FREE Trial 
The Lord of the Rings Online™ v03.02.04.8010
The Polynomial
Thief - Deadly Shadows
Titan Quest: Immortal Throne
Tomb Raider - The Last Revelation
Tomb Raider Chronicles
TortoiseSVN 1.6.6.17493 (32 bit)
Trine
TrueCrypt
Ultima IX
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VDMSound
Ventrilo Client
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WC3Banlist
WebFldrs XP
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Presentation Foundation
Windows XP Service Pack 3
WinPcap 3.1
WinRAR archiver
Wireless Tablet Series
Works Suite OS Pack
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

11/9/2010 6:07:56 PM, error: PlugPlayManager [12] - The device 'Optiarc DVD RW AD-7200S' (IDE\CdRomOptiarc_DVD_RW_AD-7200S_________________1.06____\5&5c6cfd6&0&0.0.0) disappeared from the system without first being prepared for removal.
11/9/2010 6:07:55 PM, error: atapi [9] - The device, \Device\Ide\IdePort3, did not respond within the timeout period.
11/7/2010 6:57:05 PM, error: Removable Storage Service [106] - Multisided media 1 could not be identified in library HP c485w USB Device. RSM attempted to flip the media to identify the second side but could not because the media was in use by another process. This media has been forced into the Unrecognized pool and left in the disabled state. Perform a full inventory or eject the media and re-insert it into the library to fix this situation.
11/7/2010 6:56:55 PM, error: Removable Storage Service [111] - RSM could not load media in drive Drive 0 of library HP c485w USB Device.
11/7/2010 6:51:12 PM, error: Removable Storage Service [111] - RSM could not load media in drive Drive 0 of library USB Flash Memory USB Device.
11/11/2010 3:50:11 PM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
11/10/2010 8:56:05 PM, error: Dhcp [1002] - The IP address lease 192.168.0.6 for the Network Card with network address 002215A175E3 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
11/10/2010 7:29:28 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
11/10/2010 7:29:28 AM, error: Service Control Manager [7000] - The Tomb Raider Advanced Installer Multiprocessor Helper service failed to start due to the following error: The system cannot find the file specified.
11/10/2010 7:29:10 AM, error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
11/10/2010 7:28:55 AM, error: ati2mtag [43038] - EDID contain an error in the RangeLimit field

==== End Of File ===========================

*There is a problem with the link you gave for the rootkit unhooker; I was thus unable to use that.*


----------



## CatByte (Feb 24, 2009)

Please run GMER instead:

Download *GMER Rootkit Scanner* from *here* or *here*.

Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on *NO*.



In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the *[Save..]* button, and in the File name area, type in *"Gmer.txt"* or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and attach it in your reply.

_**Caution**: Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries._


----------



## Baronyx (Aug 2, 2010)

I ran Gmer in safe mode from an admin account, and after a few minutes of scanning my computer simply restarted. I am left with no log.


----------



## CatByte (Feb 24, 2009)

Hi,

Please do the following:

Download *ComboFix* from one of the following locations:
*Link 1*
*Link 2*

VERY IMPORTANT !!! Save ComboFix.exe to your *Desktop*

*IMPORTANT* - *Disable your AntiVirus and AntiSpyware applications*, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.

Double click on *ComboFix.exe* & follow the prompts.
As part of its process, *ComboFix will check to see if the Microsoft Windows Recovery Console* is installed. With malware infections being as they are today, it's *strongly recommended* to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
*Please note:* If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

*Click on Yes*, to continue scanning for malware.
When finished, it shall produce a log for you. *Please include the C:\ComboFix.txt in your next reply.*
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


----------



## etaf (Oct 2, 2003)

reopened as requested


----------



## Baronyx (Aug 2, 2010)

Sorry I haven't been able to reply for a long time; I've moved house and have had no internet for some time.

I cannot open the combofix links above; is there another link I could use?


----------



## Baronyx (Aug 2, 2010)

Update: The combofix link 2 works; am proceeding to install and run the program.

I will include the log on my next post


----------



## Baronyx (Aug 2, 2010)

Upon running combofix, it told me it was out of date, and running it would provide reduced functionality.

I shall await another link.


----------



## CatByte (Feb 24, 2009)

Hi

Delete the copy of ComboFix from your desktop and download a fresh copy:

*Link 1*

Make sure your security programs are disabled and run the program.

Post the resulting log.


----------



## Baronyx (Aug 2, 2010)

ComboFix 11-01-27.01 - Administrator 01/27/2011 23:53:59.4.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1778 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\twunk_32.exe
X:\install.exe

.
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-28 )))))))))))))))))))))))))))))))
.

2011-01-26 17:52 . 2011-01-26 17:55 -------- d-----w- c:\program files\ExamWizard32
2011-01-23 13:49 . 2011-01-23 13:49 -------- d-----w- c:\documents and settings\Tobocom\Local Settings\Application Data\Electronic Arts
2011-01-21 16:04 . 2011-01-21 16:04 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlc7C.tmp
2011-01-17 19:50 . 2011-01-17 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2011-01-17 18:48 . 2010-11-26 02:39 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-01-16 23:50 . 2011-01-16 23:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\GetRightToGo
2011-01-16 23:47 . 2011-01-16 23:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\OpenOffice.org
2011-01-16 23:19 . 2011-01-16 23:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ATI
2011-01-16 23:19 . 2011-01-16 23:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI
2011-01-16 13:23 . 2008-06-20 08:27 9715200 ----a-w- c:\windows\RTLCPL.EXE
2011-01-14 13:13 . 2011-01-14 13:13 -------- d-----w- c:\documents and settings\Tobocom\Local Settings\Application Data\Atari
2011-01-14 13:13 . 2011-01-14 13:13 -------- d-----w- c:\documents and settings\Tobocom\Application Data\Atari
2011-01-14 13:12 . 2011-01-14 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Tages
2011-01-14 13:12 . 2011-01-14 13:12 281504 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-01-14 13:12 . 2011-01-14 13:12 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-12-29 13:08 . 2010-12-29 13:08 -------- d-----w- c:\documents and settings\Tobocom\Application Data\runic games
2010-12-29 12:28 . 2010-12-29 13:04 -------- d-----w- c:\documents and settings\Tobocom\Application Data\The Path

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-07-10 21:43 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-07-10 21:45 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-07-10 21:45 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-07-10 21:45 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-07-10 21:45 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-07-10 21:45 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-07-10 21:45 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-07-10 21:45 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-31 20:06 . 2010-07-10 21:43 38848 ----a-w- c:\windows\avastSS.scr
2010-11-26 04:17 . 2004-08-04 05:29 5555712 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-11-26 03:57 . 2008-12-01 20:46 16748544 ----a-w- c:\windows\system32\atioglxx.dll
2010-11-26 03:23 . 2008-12-01 19:50 471040 ----a-w- c:\windows\system32\atiok3x2.dll
2010-11-26 03:12 . 2008-12-01 20:19 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-11-26 03:07 . 2009-11-26 22:29 57344 ----a-w- c:\windows\system32\aticalrt.dll
2010-11-26 03:07 . 2009-11-26 22:29 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-11-26 03:06 . 2009-11-26 22:29 4489216 ----a-w- c:\windows\system32\aticaldd.dll
2010-11-26 02:55 . 2008-12-01 20:52 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-11-26 02:54 . 2004-08-04 07:56 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2010-11-26 02:48 . 2004-08-04 07:56 3984864 ----a-w- c:\windows\system32\ati3duag.dll
2010-11-26 02:34 . 2008-12-01 20:41 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2010-11-26 02:34 . 2008-12-01 20:40 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-11-26 02:34 . 2008-12-01 20:40 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-11-26 02:34 . 2008-12-01 20:40 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-11-26 02:34 . 2008-12-01 20:40 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-11-26 02:32 . 2008-12-01 20:38 614400 ----a-w- c:\windows\system32\ati2evxx.exe
2010-11-26 02:32 . 2004-08-04 07:56 2669696 ----a-w- c:\windows\system32\ativvaxx.dll
2010-11-26 02:31 . 2008-12-01 20:37 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-11-26 02:30 . 2010-09-17 18:25 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-11-26 02:26 . 2008-12-01 19:53 651264 ----a-w- c:\windows\system32\atikvmag.dll
2010-11-26 02:24 . 2008-12-01 19:52 196608 ----a-w- c:\windows\system32\atiadlxx.dll
2010-11-26 02:24 . 2008-12-01 19:52 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-11-26 02:18 . 2004-08-04 07:56 765952 ----a-w- c:\windows\system32\ati2cqag.dll
2010-11-26 02:16 . 2009-11-26 22:29 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-11-26 02:16 . 2008-12-01 19:57 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-11-18 18:12 . 2008-12-24 18:35 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2003-03-31 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:34 . 2003-03-31 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34 . 2003-03-31 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34 . 2003-03-31 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-03 12:25 . 2004-08-04 05:59 389120 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2003-03-31 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
.

((((((((((((((((((((((((((((( SnapShot_2010-11-12_19.37.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 02:19 . 2007-11-07 02:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
- 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-04-11 04:32 . 2008-04-11 04:32 49152 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90kor.dll
+ 2008-04-11 04:32 . 2008-04-11 04:32 49664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90jpn.dll
+ 2008-04-11 04:32 . 2008-04-11 04:32 61952 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90ita.dll
+ 2008-04-11 04:32 . 2008-04-11 04:32 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90fra.dll
+ 2008-04-11 04:32 . 2008-04-11 04:32 61952 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90esp.dll
+ 2008-04-11 04:32 . 2008-04-11 04:32 61952 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90esn.dll
+ 2008-04-11 04:32 . 2008-04-11 04:32 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90enu.dll
+ 2008-04-11 04:32 . 2008-04-11 04:32 63488 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90deu.dll
+ 2008-04-11 04:32 . 2008-04-11 04:32 44544 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90cht.dll
+ 2008-04-11 04:32 . 2008-04-11 04:32 44032 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90chs.dll
- 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 06:07 . 2008-07-29 06:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
- 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 06:07 . 2008-07-29 06:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-04-11 01:51 . 2008-04-11 01:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_421e9f78\mfcm90u.dll
+ 2008-04-11 01:51 . 2008-04-11 01:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_421e9f78\mfcm90.dll
+ 2010-11-25 13:50 . 2010-06-02 04:55 74072 c:\windows\system32\XAPOFX1_5.dll
- 2010-05-15 08:00 . 2010-02-04 09:01 74072 c:\windows\system32\XAPOFX1_4.dll
+ 2010-05-15 08:00 . 2010-02-04 10:01 74072 c:\windows\system32\XAPOFX1_4.dll
- 2010-05-15 07:59 . 2010-02-04 09:01 22360 c:\windows\system32\X3DAudio1_7.dll
+ 2010-05-15 07:59 . 2010-02-04 10:01 22360 c:\windows\system32\X3DAudio1_7.dll
+ 2011-01-26 17:53 . 2003-04-08 01:41 53248 c:\windows\system32\wndtls32.dll
+ 2008-12-24 20:33 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
- 2008-12-24 20:33 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
+ 2010-04-16 22:12 . 2010-04-16 22:12 48464 c:\windows\system32\sirenacm.dll
+ 2010-10-24 19:46 . 2009-07-22 08:40 41472 c:\windows\system32\RtkCoInstXP.dll
+ 2011-01-17 18:48 . 2001-11-09 15:01 24064 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\ativcoxx.dll
+ 2011-01-17 18:48 . 2010-09-11 01:17 17408 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\atitvo32.dll
+ 2011-01-17 18:48 . 2009-02-03 20:52 45056 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\ATIODCLI.exe
+ 2011-01-17 18:48 . 2010-09-11 01:11 64512 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\atimpc32.dll
+ 2011-01-17 18:48 . 2010-09-11 01:24 53248 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\ATIDDC.DLL
+ 2011-01-17 18:48 . 2010-09-11 01:57 57344 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\aticalrt.dll
+ 2011-01-17 18:48 . 2010-09-11 01:57 53248 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\aticalcl.dll
+ 2011-01-17 18:48 . 2010-09-11 01:26 26112 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\Ati2mdxx.exe
+ 2011-01-17 18:48 . 2010-09-11 01:11 53248 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\ati2erec.dll
+ 2011-01-17 18:48 . 2010-09-11 01:26 43520 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\ati2edxx.dll
+ 2011-01-16 13:24 . 2010-10-05 17:11 84584 c:\windows\system32\ReinstallBackups\0029\DriverFiles\SOUNDMAN.EXE
+ 2011-01-16 13:24 . 2010-10-05 17:11 54888 c:\windows\system32\ReinstallBackups\0029\DriverFiles\RtkCoInstXP.dll
+ 2011-01-16 13:24 . 2008-04-14 00:12 23552 c:\windows\system32\ReinstallBackups\0029\DriverFiles\i386\wdmaud.drv
+ 2011-01-16 13:24 . 2008-04-13 17:45 49408 c:\windows\system32\ReinstallBackups\0029\DriverFiles\i386\stream.sys
+ 2011-01-16 13:24 . 2008-04-13 17:45 60160 c:\windows\system32\ReinstallBackups\0029\DriverFiles\i386\drmk.sys
+ 2011-01-16 13:24 . 2010-10-05 17:10 64104 c:\windows\system32\ReinstallBackups\0029\DriverFiles\ALCMTR.EXE
- 2003-03-31 12:00 . 2010-09-09 13:38 44544 c:\windows\system32\pngfilt.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 44544 c:\windows\system32\pngfilt.dll
- 2003-03-31 12:00 . 2010-11-12 14:24 71526 c:\windows\system32\perfc009.dat
+ 2003-03-31 12:00 . 2010-11-23 07:46 71526 c:\windows\system32\perfc009.dat
+ 2007-08-13 18:54 . 2010-11-06 00:34 52224 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 18:54 . 2010-09-09 13:38 52224 c:\windows\system32\msfeedsbs.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 27648 c:\windows\system32\jsproxy.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 27648 c:\windows\system32\jsproxy.dll
- 2007-08-13 18:39 . 2010-09-08 15:57 13824 c:\windows\system32\ieudinit.exe
+ 2007-08-13 18:39 . 2010-11-03 12:24 13824 c:\windows\system32\ieudinit.exe
+ 2003-03-31 12:00 . 2010-11-06 00:34 44544 c:\windows\system32\iernonce.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 44544 c:\windows\system32\iernonce.dll
- 2003-03-31 12:00 . 2010-09-08 15:57 70656 c:\windows\system32\ie4uinit.exe
+ 2003-03-31 12:00 . 2010-11-03 12:24 70656 c:\windows\system32\ie4uinit.exe
- 2007-08-13 18:36 . 2010-09-09 13:38 63488 c:\windows\system32\icardie.dll
+ 2007-08-13 18:36 . 2010-11-06 00:34 63488 c:\windows\system32\icardie.dll
+ 2010-12-08 13:14 . 2009-03-18 16:35 26176 c:\windows\system32\hamachi.sys
+ 2011-01-17 18:48 . 2010-11-26 02:34 81688 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\oemdspif.dll
+ 2011-01-17 18:48 . 2001-11-09 16:01 12614 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\ativcoxx.dll
+ 2011-01-17 18:48 . 2010-08-27 19:32 81222 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\atiode.exe
+ 2011-01-17 18:48 . 2009-06-22 16:34 25130 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\atiodcli.exe
+ 2011-01-17 18:48 . 2010-11-26 02:16 41418 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\atimpc32.dll
+ 2011-01-17 18:48 . 2010-11-26 02:31 28700 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\atiddc.dll
+ 2011-01-17 18:48 . 2010-11-26 03:07 29986 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\aticalrt.dll
+ 2011-01-17 18:48 . 2010-11-26 03:07 29025 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\aticalcl.dll
+ 2011-01-17 18:48 . 2009-05-11 22:35 71662 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\atibtmon.exe
+ 2011-01-17 18:48 . 2010-11-26 02:30 55072 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\atiapfxx.exe
+ 2011-01-17 18:48 . 2010-11-26 02:34 16309 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\ati2mdxx.exe
+ 2011-01-17 18:48 . 2010-11-26 02:34 81571 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\ati2evxx.dll
+ 2011-01-17 18:48 . 2010-11-26 02:39 13650 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\ati2erec.dll
+ 2011-01-17 18:48 . 2010-11-26 02:34 28842 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\ati2edxx.dll
+ 2008-12-24 19:10 . 2008-04-13 18:45 49408 c:\windows\system32\drivers\stream.sys
- 2008-12-24 19:10 . 2008-04-13 17:45 49408 c:\windows\system32\drivers\stream.sys
+ 2008-12-24 19:10 . 2008-04-13 18:45 60160 c:\windows\system32\drivers\drmk.sys
- 2008-12-24 19:10 . 2008-04-13 17:45 60160 c:\windows\system32\drivers\drmk.sys
+ 2008-12-24 18:35 . 2010-10-11 14:59 45568 c:\windows\system32\dllcache\wab.exe
+ 2008-12-24 19:10 . 2008-04-13 18:45 49408 c:\windows\system32\dllcache\stream.sys
- 2008-12-24 19:10 . 2008-04-13 17:45 49408 c:\windows\system32\dllcache\stream.sys
- 2003-03-31 12:00 . 2010-09-09 13:38 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2003-03-31 12:00 . 2010-11-02 15:17 40960 c:\windows\system32\dllcache\ndproxy.sys
+ 2008-12-24 20:57 . 2010-11-06 00:34 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-12-24 20:57 . 2010-09-09 13:38 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2008-12-24 18:35 . 2008-04-14 00:11 81920 c:\windows\system32\dllcache\isign32.dll
+ 2008-12-24 18:35 . 2010-11-18 18:12 81920 c:\windows\system32\dllcache\isign32.dll
+ 2008-12-24 20:57 . 2010-11-03 12:24 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2008-12-24 20:57 . 2010-09-08 15:57 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2003-03-31 12:00 . 2010-11-06 00:34 44544 c:\windows\system32\dllcache\iernonce.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 78336 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 78336 c:\windows\system32\dllcache\ieencode.dll
- 2003-03-31 12:00 . 2010-09-08 15:57 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2003-03-31 12:00 . 2010-11-03 12:24 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2008-12-24 20:57 . 2010-09-09 13:38 63488 c:\windows\system32\dllcache\icardie.dll
+ 2008-12-24 20:57 . 2010-11-06 00:34 63488 c:\windows\system32\dllcache\icardie.dll
- 2008-12-24 19:10 . 2008-04-13 17:45 60160 c:\windows\system32\dllcache\drmk.sys
+ 2008-12-24 19:10 . 2008-04-13 18:45 60160 c:\windows\system32\dllcache\drmk.sys
+ 2003-03-31 12:00 . 2010-11-06 00:34 17408 c:\windows\system32\dllcache\corpol.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 17408 c:\windows\system32\dllcache\corpol.dll
- 2001-11-09 16:01 . 2001-11-09 15:01 24064 c:\windows\system32\ativcoxx.dll
+ 2001-11-09 16:01 . 2001-11-09 16:01 24064 c:\windows\system32\ativcoxx.dll
+ 2008-10-21 17:40 . 2009-06-22 16:34 45056 c:\windows\system32\ATIODCLI.exe
- 2008-10-21 17:40 . 2009-02-03 20:52 45056 c:\windows\system32\ATIODCLI.exe
+ 2008-12-24 19:09 . 2008-08-20 05:26 77824 c:\windows\SOUNDMAN.EXE
+ 2011-01-21 16:11 . 2011-01-21 16:11 22016 c:\windows\Installer\1ce7b11.msi
+ 2011-01-21 16:10 . 2011-01-21 16:10 27136 c:\windows\Installer\1ce7ae0.msi
+ 2011-01-21 16:09 . 2011-01-21 16:09 58880 c:\windows\Installer\1ce7ac2.msi
+ 2011-01-17 18:51 . 2011-01-17 18:51 10134 c:\windows\Installer\{EDD654B3-6FE9-67AC-CE7D-5FE3698439DB}\ARPPRODUCTICON.exe
+ 2011-01-21 16:09 . 2011-01-21 16:09 61272 c:\windows\Installer\{E6158D07-2637-4ECF-B576-37C489669174}\IconWlc.exe
+ 2011-01-17 18:52 . 2011-01-17 18:52 44758 c:\windows\Installer\{D3BA6488-5C3E-A4EF-BA64-74C54ABCEE03}\NewShortcut11_EAB9635D261D49BE88DDE71A7C809B2D.exe
+ 2011-01-17 18:52 . 2011-01-17 18:52 10134 c:\windows\Installer\{D3BA6488-5C3E-A4EF-BA64-74C54ABCEE03}\ARPPRODUCTICON.exe
+ 2011-01-17 18:47 . 2011-01-17 18:47 77542 c:\windows\Installer\{B9060398-FB64-2A4C-C4E6-D1236447E026}\NewShortcut5_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2011-01-17 18:47 . 2011-01-17 18:47 77542 c:\windows\Installer\{B9060398-FB64-2A4C-C4E6-D1236447E026}\NewShortcut4_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2011-01-17 18:47 . 2011-01-17 18:47 77542 c:\windows\Installer\{B9060398-FB64-2A4C-C4E6-D1236447E026}\NewShortcut3_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2011-01-17 18:47 . 2011-01-17 18:47 77542 c:\windows\Installer\{B9060398-FB64-2A4C-C4E6-D1236447E026}\NewShortcut2_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2011-01-17 18:47 . 2011-01-17 18:47 77542 c:\windows\Installer\{B9060398-FB64-2A4C-C4E6-D1236447E026}\ARPPRODUCTICON.exe
+ 2011-01-21 16:11 . 2011-01-21 16:11 80395 c:\windows\Installer\{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}\MsblIco.Exe
+ 2011-01-17 18:51 . 2011-01-17 18:51 10134 c:\windows\Installer\{A36579B4-313E-DC6B-D817-41824D46EF5D}\ARPPRODUCTICON.exe
+ 2010-06-05 02:02 . 2010-12-19 23:22 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-06-05 02:02 . 2010-09-29 22:20 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-01-17 18:47 . 2011-01-17 18:47 10134 c:\windows\Installer\{810AD6B3-C830-A74C-300E-D14820CE1850}\ARPPRODUCTICON.exe
+ 2011-01-17 18:51 . 2011-01-17 18:51 10134 c:\windows\Installer\{790F6156-B231-F7D6-BAE4-741E7CB0ACB1}\ARPPRODUCTICON.exe
+ 2011-01-17 18:51 . 2011-01-17 18:51 10134 c:\windows\Installer\{6AB57823-3580-4CE0-9CF0-072E2A39460C}\ARPPRODUCTICON.exe
- 2009-11-06 18:46 . 2009-11-06 18:46 58945 c:\windows\Installer\{6412CECE-8172-4BE5-935B-6CECACD2CA87}\wlmail.exe
+ 2011-01-21 16:12 . 2011-01-21 16:12 58945 c:\windows\Installer\{6412CECE-8172-4BE5-935B-6CECACD2CA87}\wlmail.exe
+ 2010-12-15 23:54 . 2010-09-09 13:38 44544 c:\windows\ie7updates\KB2416400-IE7\pngfilt.dll
+ 2010-12-15 23:55 . 2010-09-09 13:38 52224 c:\windows\ie7updates\KB2416400-IE7\msfeedsbs.dll
+ 2010-12-15 23:55 . 2010-09-09 13:38 27648 c:\windows\ie7updates\KB2416400-IE7\jsproxy.dll
+ 2010-12-15 23:55 . 2010-09-08 15:57 13824 c:\windows\ie7updates\KB2416400-IE7\ieudinit.exe
+ 2010-12-15 23:55 . 2010-09-09 13:38 44544 c:\windows\ie7updates\KB2416400-IE7\iernonce.dll
+ 2010-12-15 23:55 . 2010-09-09 13:38 78336 c:\windows\ie7updates\KB2416400-IE7\ieencode.dll
+ 2010-12-15 23:55 . 2010-09-08 15:57 70656 c:\windows\ie7updates\KB2416400-IE7\ie4uinit.exe
+ 2010-12-15 23:55 . 2010-09-09 13:38 63488 c:\windows\ie7updates\KB2416400-IE7\icardie.dll
+ 2010-12-15 23:55 . 2010-09-09 13:38 17408 c:\windows\ie7updates\KB2416400-IE7\corpol.dll
+ 2011-01-21 16:58 . 2011-01-21 16:58 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\4b76ee7cffa5a925f16967eb6d44d79e\WindowsLiveWriter.ni.exe
+ 2011-01-21 16:58 . 2011-01-21 16:58 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0f3ef21a166df82d34e0147cfa308256\WindowsLive.Writer.Api.ni.dll
+ 2010-11-30 11:40 . 2010-11-30 11:40 98304 c:\windows\assembly\GAC_32\Microsoft.Xna.Framework.Game\3.1.0.0__6d5c3888ef60e27d\Microsoft.Xna.Framework.Game.dll
- 2010-11-05 13:50 . 2010-11-05 13:50 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2011-01-14 13:08 . 2011-01-14 13:08 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2010-11-05 13:50 . 2010-11-05 13:50 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-01-14 13:08 . 2011-01-14 13:08 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-12-24 19:09 . 2009-03-03 03:14 57344 c:\windows\ALCMTR.EXE
+ 2010-12-15 23:56 . 2010-06-21 14:46 46080 c:\windows\$NtUninstallKB2443685$\tzchange.exe
+ 2010-12-15 23:56 . 2010-11-05 05:57 16896 c:\windows\$NtUninstallKB2443685$\spuninst\tzchange.dll
+ 2010-12-15 23:56 . 2008-04-14 00:11 81920 c:\windows\$NtUninstallKB2443105$\isign32.dll
+ 2010-12-15 23:56 . 2008-04-13 18:57 40576 c:\windows\$NtUninstallKB2440591$\ndproxy.sys
+ 2010-12-15 23:49 . 2008-04-14 00:12 46080 c:\windows\$NtUninstallKB2423089$\wab.exe
+ 2010-12-15 23:55 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2467659\update\spcustom.dll
+ 2010-12-15 23:55 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2467659\spmsg.dll
+ 2010-12-15 23:56 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2443105\update\spcustom.dll
+ 2010-12-15 23:56 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2443105\spmsg.dll
+ 2010-11-18 18:12 . 2010-11-18 18:12 81920 c:\windows\$hf_mig$\KB2443105\SP3QFE\isign32.dll
+ 2010-12-15 23:56 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2440591\update\spcustom.dll
+ 2010-12-15 23:56 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2440591\spmsg.dll
+ 2010-12-15 15:30 . 2010-11-03 05:55 40960 c:\windows\$hf_mig$\KB2440591\SP3QFE\ndproxy.sys
+ 2010-12-15 23:56 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2436673\update\spcustom.dll
+ 2010-12-15 23:56 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2436673\spmsg.dll
+ 2010-12-15 23:49 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2423089\update\spcustom.dll
+ 2010-12-15 23:49 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2423089\spmsg.dll
+ 2010-12-15 15:28 . 2010-10-11 14:55 45568 c:\windows\$hf_mig$\KB2423089\SP3QFE\wab.exe
+ 2010-12-15 23:55 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2416400-IE7\update\spcustom.dll
+ 2010-12-15 23:55 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2416400-IE7\spmsg.dll
+ 2010-11-06 00:34 . 2010-11-06 00:34 44544 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\pngfilt.dll
+ 2010-11-06 00:34 . 2010-11-06 00:34 52224 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\msfeedsbs.dll
+ 2010-11-06 00:34 . 2010-11-06 00:34 27648 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\jsproxy.dll
+ 2010-11-03 11:59 . 2010-11-03 11:59 13824 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\ieudinit.exe
+ 2010-11-06 00:34 . 2010-11-06 00:34 44544 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\iernonce.dll
+ 2010-11-06 00:34 . 2010-11-06 00:34 78336 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\ieencode.dll
+ 2010-11-03 11:59 . 2010-11-03 11:59 70656 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\ie4uinit.exe
+ 2010-11-06 00:34 . 2010-11-06 00:34 63488 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\icardie.dll
+ 2010-11-06 00:34 . 2010-11-06 00:34 17408 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\corpol.dll
+ 2010-12-15 23:56 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2296199\update\spcustom.dll
+ 2010-12-15 23:56 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2296199\spmsg.dll
+ 2011-01-16 13:24 . 2008-04-14 00:11 4096 c:\windows\system32\ReinstallBackups\0029\DriverFiles\i386\ksuser.dll
+ 2011-01-17 18:48 . 2010-11-26 02:24 8347 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\atitvo32.dll
+ 2010-04-17 00:04 . 2010-04-17 00:04 306032 c:\windows\WLXPGSS.SCR
+ 2008-07-29 08:05 . 2008-07-29 08:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
- 2008-07-29 02:54 . 2008-07-29 02:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 03:54 . 2008-07-29 03:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-04-11 04:32 . 2008-04-11 04:32 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_71382c73\msvcr90.dll
+ 2008-04-11 04:32 . 2008-04-11 04:32 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_71382c73\msvcp90.dll
+ 2008-04-10 22:52 . 2008-04-10 22:52 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_71382c73\msvcm90.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2007-11-07 02:19 . 2007-11-07 02:19 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll
+ 2010-10-24 19:46 . 2008-10-24 09:42 290816 c:\windows\vncutil.exe
+ 2010-11-25 13:50 . 2010-06-02 04:55 527192 c:\windows\system32\XAudio2_7.dll
- 2010-05-15 08:00 . 2010-02-04 09:01 528216 c:\windows\system32\XAudio2_6.dll
+ 2010-05-15 08:00 . 2010-02-04 10:01 528216 c:\windows\system32\XAudio2_6.dll
+ 2010-11-25 13:50 . 2010-06-02 04:55 239960 c:\windows\system32\xactengine3_7.dll
- 2010-05-15 08:00 . 2010-02-04 09:01 238936 c:\windows\system32\xactengine3_6.dll
+ 2010-05-15 08:00 . 2010-02-04 10:01 238936 c:\windows\system32\xactengine3_6.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 233472 c:\windows\system32\webcheck.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 233472 c:\windows\system32\webcheck.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 105984 c:\windows\system32\url.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 105984 c:\windows\system32\url.dll
+ 2011-01-26 17:53 . 2003-04-15 02:12 114688 c:\windows\system32\txtls32.dll
+ 2011-01-26 17:53 . 2002-01-23 01:14 327680 c:\windows\system32\txobj32.dll
+ 2011-01-26 17:53 . 2003-04-25 10:10 536576 c:\windows\system32\Tx32.dll
+ 2011-01-26 17:53 . 2003-04-28 01:20 380928 c:\windows\system32\tx_xml.dll
+ 2011-01-26 17:53 . 2003-04-28 02:10 372736 c:\windows\system32\tx_word.dll
+ 2011-01-26 17:53 . 2003-04-22 03:22 159744 c:\windows\system32\tx_rtf32.dll
+ 2011-01-26 17:53 . 2003-04-28 01:10 471040 c:\windows\system32\tx_pdf.dll
+ 2011-01-26 17:53 . 2003-04-28 02:01 200704 c:\windows\system32\tx_htm32.dll
+ 2011-01-26 17:53 . 2003-04-28 01:30 356352 c:\windows\system32\tx_css.dll
+ 2011-01-16 13:23 . 2009-04-24 08:58 131072 c:\windows\system32\RTCOM\RTLCPAPI.dll
+ 2008-12-24 19:09 . 2009-05-20 02:42 270336 c:\windows\system32\RTCOM\RTCOMDLL.dll
+ 2011-01-17 18:48 . 2010-09-11 01:26 155648 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\Oemdspif.dll
+ 2011-01-17 18:48 . 2010-09-11 01:25 887724 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\ativva6x.dat
+ 2011-01-17 18:48 . 2010-09-11 01:26 208896 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\atipdlxx.dll
+ 2011-01-17 18:48 . 2010-09-11 01:29 393216 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\atiok3x2.dll
+ 2011-01-17 18:48 . 2009-02-18 17:55 294912 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\ATIODE.exe
+ 2011-01-17 18:48 . 2010-09-11 01:19 634880 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\atikvmag.dll
+ 2011-01-17 18:48 . 2010-09-11 01:50 311296 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\atiiiexx.dll
+ 2011-01-17 18:48 . 2010-08-11 13:24 224342 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\atiicdxx.dat
+ 2011-01-17 18:48 . 2010-09-11 01:43 450560 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\ATIDEMGX.dll
+ 2011-01-17 18:48 . 2009-05-11 21:35 118784 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\atibtmon.exe
+ 2011-01-17 18:48 . 2010-09-11 01:23 143360 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\atiapfxx.exe
+ 2011-01-17 18:48 . 2010-09-11 01:18 192512 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\atiadlxx.dll
+ 2011-01-17 18:48 . 2010-09-11 01:25 606208 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\ati2evxx.exe
+ 2011-01-17 18:48 . 2010-09-11 01:26 159744 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\ati2evxx.dll
+ 2011-01-17 18:48 . 2010-09-11 01:42 300544 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\ati2dvag.dll
+ 2011-01-17 18:48 . 2010-09-11 01:13 696320 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\ati2cqag.dll
+ 2011-01-16 13:24 . 2010-10-05 17:11 359016 c:\windows\system32\ReinstallBackups\0029\DriverFiles\vncutil.exe
+ 2011-01-16 13:24 . 2010-10-05 17:11 137832 c:\windows\system32\ReinstallBackups\0029\DriverFiles\RTLCPAPI.dll
+ 2011-01-16 13:24 . 2010-10-05 17:11 129640 c:\windows\system32\ReinstallBackups\0029\DriverFiles\RtkAudioService.exe
+ 2011-01-16 13:24 . 2010-10-05 17:11 289384 c:\windows\system32\ReinstallBackups\0029\DriverFiles\RTCOMDLL.dll
+ 2011-01-16 13:24 . 2008-04-13 18:19 146048 c:\windows\system32\ReinstallBackups\0029\DriverFiles\i386\portcls.sys
+ 2011-01-16 13:24 . 2008-04-13 18:16 141056 c:\windows\system32\ReinstallBackups\0029\DriverFiles\i386\ks.sys
+ 2003-03-31 12:00 . 2010-11-23 07:46 441652 c:\windows\system32\perfh009.dat
- 2003-03-31 12:00 . 2010-11-12 14:24 441652 c:\windows\system32\perfh009.dat
+ 2003-03-31 12:00 . 2010-11-06 00:34 102912 c:\windows\system32\occache.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 102912 c:\windows\system32\occache.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 671232 c:\windows\system32\mstime.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 671232 c:\windows\system32\mstime.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 193024 c:\windows\system32\msrating.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 193024 c:\windows\system32\msrating.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 478208 c:\windows\system32\mshtmled.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 478208 c:\windows\system32\mshtmled.dll
+ 2007-08-13 18:54 . 2010-11-06 00:34 468480 c:\windows\system32\msfeeds.dll
- 2007-08-13 18:54 . 2010-09-09 13:38 468480 c:\windows\system32\msfeeds.dll
+ 2010-11-30 11:03 . 2010-11-30 11:03 233936 c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
+ 2007-08-13 18:34 . 2010-11-06 00:34 268288 c:\windows\system32\iertutil.dll
- 2007-08-13 18:34 . 2010-09-09 13:38 268288 c:\windows\system32\iertutil.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 192512 c:\windows\system32\iepeers.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 192512 c:\windows\system32\iepeers.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 384512 c:\windows\system32\iedkcs32.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 384512 c:\windows\system32\iedkcs32.dll
- 2007-07-11 12:27 . 2010-09-09 13:38 380928 c:\windows\system32\ieapfltr.dll
+ 2007-07-11 12:27 . 2010-11-06 00:34 380928 c:\windows\system32\ieapfltr.dll
- 2003-03-31 12:00 . 2010-08-25 11:29 161792 c:\windows\system32\ieakui.dll
+ 2003-03-31 12:00 . 2010-10-18 11:06 161792 c:\windows\system32\ieakui.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 230400 c:\windows\system32\ieaksie.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 230400 c:\windows\system32\ieaksie.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 153088 c:\windows\system32\ieakeng.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 153088 c:\windows\system32\ieakeng.dll
+ 2011-01-26 17:53 . 2003-04-16 03:02 102400 c:\windows\system32\ic32.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 133120 c:\windows\system32\extmgr.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 133120 c:\windows\system32\extmgr.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 214528 c:\windows\system32\dxtrans.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 214528 c:\windows\system32\dxtrans.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 347136 c:\windows\system32\dxtmsft.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 347136 c:\windows\system32\dxtmsft.dll
+ 2011-01-17 18:48 . 2010-11-26 02:31 887724 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\ativva6x.dat
+ 2011-01-17 18:48 . 2010-11-26 02:34 110215 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\atipdlxx.dll
+ 2011-01-17 18:48 . 2010-11-26 03:23 221823 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\atiok3x2.dll
+ 2011-01-17 18:48 . 2010-11-26 02:26 334452 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\atikvmag.dll
+ 2011-01-17 18:48 . 2010-11-26 03:12 311296 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\atiiiexx.dll
+ 2011-01-17 18:48 . 2010-09-28 20:07 224001 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\atiicdxx.dat
+ 2011-01-17 18:48 . 2010-11-26 02:55 462848 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\atidemgx.dll
+ 2011-01-17 18:48 . 2010-11-26 02:24 106573 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\atiadlxx.dll
+ 2011-01-17 18:48 . 2010-11-26 02:32 324389 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\ati2evxx.exe
+ 2011-01-17 18:48 . 2010-11-26 02:54 189781 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\ati2dvag.dll
+ 2011-01-17 18:48 . 2010-11-26 02:18 392309 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\ati2cqag.dll
- 2004-03-16 10:58 . 2008-04-13 18:19 146048 c:\windows\system32\drivers\portcls.sys
+ 2004-03-16 10:58 . 2008-04-13 19:19 146048 c:\windows\system32\drivers\portcls.sys
- 2008-12-24 19:10 . 2008-04-13 18:16 141056 c:\windows\system32\drivers\ks.sys
+ 2008-12-24 19:10 . 2008-04-13 19:16 141056 c:\windows\system32\drivers\ks.sys
- 2003-03-31 12:00 . 2010-09-09 13:38 832512 c:\windows\system32\dllcache\wininet.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 832512 c:\windows\system32\dllcache\wininet.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 105984 c:\windows\system32\dllcache\url.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 105984 c:\windows\system32\dllcache\url.dll
- 2004-03-16 10:58 . 2008-04-13 18:19 146048 c:\windows\system32\dllcache\portcls.sys
+ 2004-03-16 10:58 . 2008-04-13 19:19 146048 c:\windows\system32\dllcache\portcls.sys
+ 2003-03-31 12:00 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll
- 2003-03-31 12:00 . 2008-04-14 00:12 249856 c:\windows\system32\dllcache\odbc32.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 102912 c:\windows\system32\dllcache\occache.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 102912 c:\windows\system32\dllcache\occache.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 671232 c:\windows\system32\dllcache\mstime.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 671232 c:\windows\system32\dllcache\mstime.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 193024 c:\windows\system32\dllcache\msrating.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 193024 c:\windows\system32\dllcache\msrating.dll
+ 2008-12-24 18:35 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
- 2008-12-24 18:35 . 2008-04-14 00:12 102400 c:\windows\system32\dllcache\msjro.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 478208 c:\windows\system32\dllcache\mshtmled.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 478208 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-12-24 20:57 . 2010-11-06 00:34 468480 c:\windows\system32\dllcache\msfeeds.dll
- 2008-12-24 20:57 . 2010-09-09 13:38 468480 c:\windows\system32\dllcache\msfeeds.dll
- 2008-12-24 18:35 . 2008-04-14 00:11 200704 c:\windows\system32\dllcache\msadox.dll
+ 2008-12-24 18:35 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
+ 2008-12-24 18:35 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
- 2008-12-24 18:35 . 2008-04-14 00:11 180224 c:\windows\system32\dllcache\msadomd.dll
+ 2008-12-24 18:35 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
- 2008-12-24 18:35 . 2008-04-14 00:11 536576 c:\windows\system32\dllcache\msado15.dll
- 2008-12-24 18:35 . 2008-04-14 00:11 143360 c:\windows\system32\dllcache\msadco.dll
+ 2008-12-24 18:35 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
- 2008-12-24 19:10 . 2008-04-13 18:16 141056 c:\windows\system32\dllcache\ks.sys
+ 2008-12-24 19:10 . 2008-04-13 19:16 141056 c:\windows\system32\dllcache\ks.sys
+ 2008-12-24 18:34 . 2010-10-18 11:07 634648 c:\windows\system32\dllcache\iexplore.exe
- 2008-12-24 18:34 . 2010-08-25 11:30 634648 c:\windows\system32\dllcache\iexplore.exe
- 2008-12-24 20:57 . 2010-09-09 13:38 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2008-12-24 20:57 . 2010-11-06 00:34 268288 c:\windows\system32\dllcache\iertutil.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 192512 c:\windows\system32\dllcache\iepeers.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 384512 c:\windows\system32\dllcache\iedkcs32.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 384512 c:\windows\system32\dllcache\iedkcs32.dll
- 2008-12-24 20:57 . 2010-09-09 13:38 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-12-24 20:57 . 2010-11-06 00:34 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2003-03-31 12:00 . 2010-08-25 11:29 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2003-03-31 12:00 . 2010-10-18 11:06 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 133120 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 133120 c:\windows\system32\dllcache\extmgr.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2003-03-31 12:00 . 2010-10-28 13:13 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 124928 c:\windows\system32\dllcache\advpack.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 124928 c:\windows\system32\dllcache\advpack.dll
+ 2010-11-25 13:50 . 2010-05-26 11:41 248672 c:\windows\system32\d3dx11_43.dll
+ 2010-11-25 13:50 . 2010-05-26 11:41 470880 c:\windows\system32\d3dx10_43.dll
+ 2003-03-31 12:00 . 2010-10-28 13:13 290048 c:\windows\system32\atmfd.dll
- 2008-12-01 20:11 . 2010-09-11 01:25 887724 c:\windows\system32\ativva6x.dat
+ 2008-12-01 20:11 . 2010-11-26 02:31 887724 c:\windows\system32\ativva6x.dat
+ 2008-10-21 17:40 . 2010-08-27 19:32 294912 c:\windows\system32\ATIODE.exe
- 2008-10-21 17:40 . 2009-02-18 17:55 294912 c:\windows\system32\ATIODE.exe
+ 2008-10-30 14:45 . 2010-09-28 20:07 224001 c:\windows\system32\atiicdxx.dat
- 2009-11-26 22:29 . 2009-05-11 21:35 118784 c:\windows\system32\atibtmon.exe
+ 2009-11-26 22:29 . 2009-05-11 22:35 118784 c:\windows\system32\atibtmon.exe
+ 2003-03-31 12:00 . 2010-11-06 00:34 124928 c:\windows\system32\advpack.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 124928 c:\windows\system32\advpack.dll
+ 2010-10-24 19:46 . 2009-03-18 06:07 122880 c:\windows\RtkAudioService.exe
+ 2010-12-29 13:07 . 2010-12-29 13:07 228864 c:\windows\Installer\505071.msi
+ 2010-11-13 01:42 . 2010-11-13 01:42 216576 c:\windows\Installer\3daa27.msi
+ 2010-11-30 11:40 . 2010-11-30 11:40 892416 c:\windows\Installer\357bea.msi
+ 2010-12-08 13:14 . 2010-12-08 13:14 886784 c:\windows\Installer\23b0c.msi
+ 2011-01-17 18:51 . 2011-01-17 18:51 196608 c:\windows\Installer\1ddf5ed.msi
+ 2011-01-17 18:51 . 2011-01-17 18:51 252416 c:\windows\Installer\1ddf5e7.msi
+ 2011-01-17 18:51 . 2011-01-17 18:51 261120 c:\windows\Installer\1ddf5e1.msi
+ 2011-01-17 18:51 . 2011-01-17 18:51 322048 c:\windows\Installer\1ddf5db.msi
+ 2011-01-17 18:47 . 2011-01-17 18:47 437248 c:\windows\Installer\1ddf432.msi
+ 2011-01-21 16:15 . 2011-01-21 16:15 569344 c:\windows\Installer\1ce7c1a.msi
+ 2011-01-21 16:15 . 2011-01-21 16:15 181248 c:\windows\Installer\1ce7bfb.msi
+ 2011-01-21 16:14 . 2011-01-21 16:14 727040 c:\windows\Installer\1ce7bb0.msi
+ 2011-01-21 16:14 . 2011-01-21 16:14 483328 c:\windows\Installer\1ce7ba1.msi
+ 2011-01-21 16:14 . 2011-01-21 16:14 778752 c:\windows\Installer\1ce7b8d.msi
+ 2011-01-21 16:13 . 2011-01-21 16:13 463872 c:\windows\Installer\1ce7b4f.msi
+ 2011-01-21 16:12 . 2011-01-21 16:12 735744 c:\windows\Installer\1ce7b40.msi
+ 2011-01-21 16:11 . 2011-01-21 16:11 429056 c:\windows\Installer\1ce7b08.msi
+ 2011-01-21 16:09 . 2011-01-21 16:09 149504 c:\windows\Installer\1ce7ad3.msi
+ 2011-01-21 16:14 . 2011-01-21 16:14 132096 c:\windows\Installer\{EE39FFBD-544E-49E4-A999-6819828EAE91}\WLXPhotoGalleryIcon.exe
+ 2010-12-15 23:54 . 2010-09-09 13:38 832512 c:\windows\ie7updates\KB2416400-IE7\wininet.dll
+ 2010-12-15 23:54 . 2010-09-09 13:38 233472 c:\windows\ie7updates\KB2416400-IE7\webcheck.dll
+ 2010-12-15 23:54 . 2010-09-09 13:38 105984 c:\windows\ie7updates\KB2416400-IE7\url.dll
+ 2010-12-15 23:55 . 2010-02-22 14:23 382840 c:\windows\ie7updates\KB2416400-IE7\spuninst\updspapi.dll
+ 2010-12-15 23:55 . 2010-02-22 14:23 231288 c:\windows\ie7updates\KB2416400-IE7\spuninst\spuninst.exe
+ 2010-12-15 23:54 . 2010-09-09 13:38 102912 c:\windows\ie7updates\KB2416400-IE7\occache.dll
+ 2010-12-15 23:54 . 2010-09-09 13:38 671232 c:\windows\ie7updates\KB2416400-IE7\mstime.dll
+ 2010-12-15 23:54 . 2010-09-09 13:38 193024 c:\windows\ie7updates\KB2416400-IE7\msrating.dll
+ 2010-12-15 23:54 . 2010-09-09 13:38 478208 c:\windows\ie7updates\KB2416400-IE7\mshtmled.dll
+ 2010-12-15 23:55 . 2010-09-09 13:38 468480 c:\windows\ie7updates\KB2416400-IE7\msfeeds.dll
+ 2010-12-15 23:55 . 2010-08-25 11:30 634648 c:\windows\ie7updates\KB2416400-IE7\iexplore.exe
+ 2010-12-15 23:55 . 2010-09-09 13:38 268288 c:\windows\ie7updates\KB2416400-IE7\iertutil.dll
+ 2010-12-15 23:55 . 2010-09-09 13:38 192512 c:\windows\ie7updates\KB2416400-IE7\iepeers.dll
+ 2010-12-15 23:55 . 2010-09-09 13:38 384512 c:\windows\ie7updates\KB2416400-IE7\iedkcs32.dll
+ 2010-12-15 23:55 . 2010-09-09 13:38 380928 c:\windows\ie7updates\KB2416400-IE7\ieapfltr.dll
+ 2010-12-15 23:55 . 2010-08-25 11:29 161792 c:\windows\ie7updates\KB2416400-IE7\ieakui.dll
+ 2010-12-15 23:55 . 2010-09-09 13:38 230400 c:\windows\ie7updates\KB2416400-IE7\ieaksie.dll
+ 2010-12-15 23:55 . 2010-09-09 13:38 153088 c:\windows\ie7updates\KB2416400-IE7\ieakeng.dll
+ 2010-12-15 23:55 . 2010-09-09 13:38 133120 c:\windows\ie7updates\KB2416400-IE7\extmgr.dll
+ 2010-12-15 23:55 . 2010-09-09 13:38 214528 c:\windows\ie7updates\KB2416400-IE7\dxtrans.dll
+ 2010-12-15 23:55 . 2010-09-09 13:38 347136 c:\windows\ie7updates\KB2416400-IE7\dxtmsft.dll
+ 2010-12-15 23:55 . 2010-09-09 13:38 124928 c:\windows\ie7updates\KB2416400-IE7\advpack.dll
+ 2011-01-21 16:58 . 2011-01-21 16:58 626688 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\cf67b75a1da96795723d2034e48ba183\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2011-01-21 16:58 . 2011-01-21 16:58 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f7eecdbf8f73f127df632e81bc835484\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2011-01-21 16:58 . 2011-01-21 16:58 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dd5335b13b4ce8f10990c752f3c0a6b9\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2011-01-21 16:58 . 2011-01-21 16:58 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\cf5151086dd038a82602c9167c9acad5\WindowsLive.Writer.Passport.ni.dll
+ 2011-01-21 16:58 . 2011-01-21 16:58 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\cc7d0d688ca1fb7bd0e0ba3f17e3add1\WindowsLive.Writer.HtmlParser.ni.dll
+ 2011-01-21 16:58 . 2011-01-21 16:58 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\879fd6f22250247f79ee663b80199b73\WindowsLive.Writer.Localization.ni.dll
+ 2011-01-21 16:58 . 2011-01-21 16:58 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\80ce7f3c877dff36e07711517ed49b19\WindowsLive.Writer.BrowserControl.ni.dll
+ 2011-01-21 16:58 . 2011-01-21 16:58 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\796b11733fd16a0128c89ae37abce0f4\WindowsLive.Writer.Instrumentation.ni.dll
+ 2011-01-21 16:58 . 2011-01-21 16:58 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\70cc2bbf8d87c63f36d05bf7a4a01a69\WindowsLive.Writer.Mshtml.ni.dll
+ 2011-01-21 16:58 . 2011-01-21 16:58 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\69968aa6fb3a6fb47df1b2dd59f1e1a2\WindowsLive.Writer.FileDestinations.ni.dll
+ 2011-01-21 16:58 . 2011-01-21 16:58 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5efde99101ca1afd5ad2b21f793e2854\WindowsLive.Writer.BlogClient.ni.dll
+ 2011-01-21 16:58 . 2011-01-21 16:58 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\36888cd642eab375b37c2d8ae121d2ad\WindowsLive.Writer.Controls.ni.dll
+ 2011-01-21 16:58 . 2011-01-21 16:58 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\323d5898b41430c73305874d4b93bf25\WindowsLive.Writer.Extensibility.ni.dll
+ 2011-01-21 16:58 . 2011-01-21 16:58 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0e5d49b051e355c696ed7a2b5b24a623\WindowsLive.Writer.Interop.ni.dll
+ 2011-01-21 16:58 . 2011-01-21 16:58 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0d82d08289c6b8f928d8804f69f959ec\WindowsLive.Writer.SpellChecker.ni.dll
+ 2011-01-21 16:58 . 2011-01-21 16:58 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\b34623aa698e02b699e5b4706b1cd248\WindowsLive.Client.ni.dll
- 2010-11-05 13:50 . 2010-11-05 13:50 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2011-01-14 13:08 . 2011-01-14 13:08 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2011-01-14 13:08 . 2011-01-14 13:08 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2010-11-05 13:50 . 2010-11-05 13:50 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-01-14 13:08 . 2011-01-14 13:08 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2010-11-05 13:50 . 2010-11-05 13:50 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-01-14 13:08 . 2011-01-14 13:08 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2010-11-05 13:50 . 2010-11-05 13:50 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2010-11-05 13:50 . 2010-11-05 13:50 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2011-01-14 13:08 . 2011-01-14 13:08 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2010-11-05 13:50 . 2010-11-05 13:50 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-01-14 13:08 . 2011-01-14 13:08 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-11-05 13:50 . 2010-11-05 13:50 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-01-14 13:08 . 2011-01-14 13:08 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-11-05 13:50 . 2010-11-05 13:50 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-01-14 13:08 . 2011-01-14 13:08 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-11-05 13:50 . 2010-11-05 13:50 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-01-14 13:08 . 2011-01-14 13:08 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-11-05 13:50 . 2010-11-05 13:50 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-01-14 13:08 . 2011-01-14 13:08 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-01-14 13:08 . 2011-01-14 13:08 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-11-05 13:50 . 2010-11-05 13:50 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-01-14 13:08 . 2011-01-14 13:08 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-11-05 13:50 . 2010-11-05 13:50 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-01-14 13:08 . 2011-01-14 13:08 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-11-05 13:50 . 2010-11-05 13:50 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-11-05 13:50 . 2010-11-05 13:50 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2011-01-14 13:08 . 2011-01-14 13:08 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2010-12-15 23:55 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2467659$\spuninst\updspapi.dll
+ 2010-12-15 23:55 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2467659$\spuninst\spuninst.exe
+ 2010-12-15 23:56 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2443685$\spuninst\updspapi.dll
+ 2010-12-15 23:56 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2443685$\spuninst\spuninst.exe
+ 2010-12-15 23:56 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2443105$\spuninst\updspapi.dll
+ 2010-12-15 23:56 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2443105$\spuninst\spuninst.exe
+ 2010-12-15 23:56 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2440591$\spuninst\updspapi.dll
+ 2010-12-15 23:56 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2440591$\spuninst\spuninst.exe
+ 2010-12-15 23:56 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2436673$\spuninst\updspapi.dll
+ 2010-12-15 23:56 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2436673$\spuninst\spuninst.exe
+ 2010-12-15 23:49 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2423089$\spuninst\updspapi.dll
+ 2010-12-15 23:49 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2423089$\spuninst\spuninst.exe
+ 2010-12-15 23:56 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2296199$\spuninst\updspapi.dll
+ 2010-12-15 23:56 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2296199$\spuninst\spuninst.exe
+ 2010-12-15 23:56 . 2010-09-01 11:51 285824 c:\windows\$NtUninstallKB2296199$\atmfd.dll
+ 2010-12-15 23:55 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2467659\update\updspapi.dll
+ 2010-12-15 23:55 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2467659\update\update.exe
+ 2010-12-15 23:55 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2467659\spuninst.exe
+ 2010-12-15 23:56 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2443105\update\updspapi.dll
+ 2010-12-15 23:56 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2443105\update\update.exe
+ 2010-12-15 23:56 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2443105\spuninst.exe
+ 2010-12-15 23:56 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2440591\update\updspapi.dll
+ 2010-12-15 23:56 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2440591\update\update.exe
+ 2010-12-15 23:56 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2440591\spuninst.exe
+ 2010-12-15 23:56 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2436673\update\updspapi.dll
+ 2010-12-15 23:56 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2436673\update\update.exe
+ 2010-12-15 23:56 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2436673\spuninst.exe
+ 2010-12-15 23:49 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2423089\update\updspapi.dll
+ 2010-12-15 23:49 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2423089\update\update.exe
+ 2010-12-15 23:49 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2423089\spuninst.exe
+ 2010-12-15 23:55 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2416400-IE7\update\updspapi.dll
+ 2010-12-15 23:55 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2416400-IE7\update\update.exe
+ 2010-12-15 23:55 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2416400-IE7\spuninst.exe
+ 2010-11-06 00:34 . 2010-11-06 00:34 841216 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\wininet.dll
+ 2010-11-06 00:34 . 2010-11-06 00:34 233472 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\webcheck.dll
+ 2010-11-06 00:34 . 2010-11-06 00:34 105984 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\url.dll
+ 2010-11-06 00:34 . 2010-11-06 00:34 102912 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\occache.dll
+ 2010-11-06 00:34 . 2010-11-06 00:34 671232 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\mstime.dll
+ 2010-11-06 00:34 . 2010-11-06 00:34 193024 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\msrating.dll
+ 2010-11-06 00:34 . 2010-11-06 00:34 478208 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\mshtmled.dll
+ 2010-11-06 00:34 . 2010-11-06 00:34 468480 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\msfeeds.dll
+ 2010-10-18 10:36 . 2010-10-18 10:36 634648 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\iexplore.exe
+ 2010-11-06 00:34 . 2010-11-06 00:34 268288 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\iertutil.dll
+ 2010-11-06 00:34 . 2010-11-06 00:34 193024  c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\iepeers.dll
+ 2010-11-06 00:34 . 2010-11-06 00:34 388608 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\iedkcs32.dll
+ 2010-11-06 00:34 . 2010-11-06 00:34 380928 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\ieapfltr.dll
+ 2010-10-18 10:34 . 2010-10-18 10:34 161792 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\ieakui.dll
+ 2010-11-06 00:34 . 2010-11-06 00:34 230400 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\ieaksie.dll
+ 2010-11-06 00:34 . 2010-11-06 00:34 153088 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\ieakeng.dll
+ 2010-11-06 00:34 . 2010-11-06 00:34 132608 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\extmgr.dll
+ 2010-11-06 00:34 . 2010-11-06 00:34 214528 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\dxtrans.dll
+ 2010-11-06 00:34 . 2010-11-06 00:34 347136 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\dxtmsft.dll
+ 2010-11-06 00:34 . 2010-11-06 00:34 124928 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\advpack.dll
+ 2010-12-15 23:56 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2296199\update\updspapi.dll
+ 2010-12-15 23:56 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2296199\update\update.exe
+ 2010-12-15 23:56 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2296199\spuninst.exe
+ 2010-10-28 13:08 . 2010-10-28 13:08 290048 c:\windows\$hf_mig$\KB2296199\SP3QFE\atmfd.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-04-11 04:32 . 2008-04-11 04:32 3783160 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_421e9f78\mfc90u.dll
+ 2008-04-11 04:32 . 2008-04-11 04:32 3767288 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_421e9f78\mfc90.dll
+ 2003-03-31 12:00 . 2010-10-26 13:25 1853312 c:\windows\system32\win32k.sys
- 2003-03-31 12:00 . 2010-09-09 13:38 1168384 c:\windows\system32\urlmon.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 1168384 c:\windows\system32\urlmon.dll
+ 2011-01-17 18:48 . 2010-09-11 01:25 2669312 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\ativvaxx.dll
+ 2011-01-17 18:48 . 2010-09-11 01:56 4419584 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\aticaldd.dll
+ 2011-01-17 18:48 . 2010-09-11 01:39 3942880 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\ati3duag.dll
+ 2011-01-17 18:48 . 2010-09-11 02:19 5417472 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\ati2mtag.sys
+ 2011-01-16 13:24 . 2010-10-05 17:11 1833576 c:\windows\system32\ReinstallBackups\0029\DriverFiles\SkyTel.exe
+ 2011-01-16 13:24 . 2010-10-05 17:11 1489512 c:\windows\system32\ReinstallBackups\0029\DriverFiles\RtlUpd.exe
+ 2011-01-16 13:24 . 2010-10-05 17:11 9721960 c:\windows\system32\ReinstallBackups\0029\DriverFiles\RTLCPL.EXE
+ 2011-01-16 13:24 . 2010-10-05 17:11 6164584 c:\windows\system32\ReinstallBackups\0029\DriverFiles\RtkHDAud.sys
+ 2011-01-16 13:24 . 2009-11-18 06:17 1395800 c:\windows\system32\ReinstallBackups\0029\DriverFiles\Monfilt.sys
+ 2011-01-16 13:24 . 2010-10-05 17:10 2180712 c:\windows\system32\ReinstallBackups\0029\DriverFiles\MicCal.exe
+ 2011-01-16 13:24 . 2009-11-18 06:16 1691480 c:\windows\system32\ReinstallBackups\0029\DriverFiles\Ambfilt.sys
+ 2011-01-16 13:24 . 2010-10-05 17:10 2815592 c:\windows\system32\ReinstallBackups\0029\DriverFiles\ALCWZRD.EXE
+ 2003-03-31 12:00 . 2010-11-06 00:34 3604480 c:\windows\system32\mshtml.dll
+ 2009-10-28 03:40 . 2010-11-30 11:03 5971408 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2007-08-13 18:54 . 2010-11-06 00:34 6075904 c:\windows\system32\ieframe.dll
- 2007-08-13 18:54 . 2010-09-09 13:38 6075904 c:\windows\system32\ieframe.dll
+ 2008-12-24 02:26 . 2010-12-16 07:33 1452968 c:\windows\system32\FNTCACHE.DAT
+ 2011-01-17 18:48 . 2010-11-26 02:32 1274639 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\ativvaxx.dll
+ 2011-01-17 18:48 . 2010-11-26 03:57 7315577 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\atioglxx.dll
+ 2011-01-17 18:48 . 2010-11-26 03:06 2123518 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\aticaldd.dll
+ 2011-01-17 18:48 . 2010-11-26 02:48 2096554 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\ati3duag.dll
+ 2011-01-17 18:48 . 2010-11-26 04:17 3614241 c:\windows\system32\DRVSTORE\CX109805_A1B7D9DE5843C2570C5D77702FF14E59D209BC95\B109234\ati2mtag.sys
+ 2008-12-24 19:09 . 2009-07-29 13:06 5870080 c:\windows\system32\drivers\RtkHDAud.sys
+ 2010-10-24 19:46 . 2006-01-05 07:41 1389056 c:\windows\system32\drivers\Monfilt.sys
+ 2010-10-24 19:46 . 2008-08-06 12:10 1684736 c:\windows\system32\drivers\Ambfilt.sys
+ 2003-03-31 12:00 . 2010-10-26 13:25 1853312 c:\windows\system32\dllcache\win32k.sys
+ 2003-03-31 12:00 . 2010-11-06 00:34 1168384 c:\windows\system32\dllcache\urlmon.dll
- 2003-03-31 12:00 . 2010-09-09 13:38 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2003-03-31 12:00 . 2010-11-06 00:34 3604480 c:\windows\system32\dllcache\mshtml.dll
- 2008-12-24 20:57 . 2010-09-09 13:38 6075904 c:\windows\system32\dllcache\ieframe.dll
+ 2008-12-24 20:57 . 2010-11-06 00:34 6075904 c:\windows\system32\dllcache\ieframe.dll
+ 2004-08-04 05:29 . 2010-11-26 04:17 5555712 c:\windows\system32\dllcache\ati2mtag.sys
+ 2010-11-25 13:50 . 2010-05-26 11:41 1998168 c:\windows\system32\D3DX9_43.dll
+ 2010-11-25 13:50 . 2010-05-26 11:41 1868128 c:\windows\system32\d3dcsx_43.dll
+ 2010-11-25 13:50 . 2010-05-26 11:41 2106216 c:\windows\system32\D3DCompiler_43.dll
+ 2008-12-24 19:09 . 2007-11-21 10:15 1826816 c:\windows\SkyTel.exe
+ 2008-12-24 19:09 . 2009-06-23 09:39 1482752 c:\windows\RtlUpd.exe
+ 2008-12-24 19:09 . 2009-03-11 06:32 2168320 c:\windows\MicCal.exe
+ 2011-01-17 18:52 . 2011-01-17 18:52 1125888 c:\windows\Installer\1ddf5f4.msi
+ 2011-01-17 18:47 . 2011-01-17 18:47 1597440 c:\windows\Installer\1ddf439.msi
+ 2010-12-15 23:54 . 2010-09-09 13:38 1168384 c:\windows\ie7updates\KB2416400-IE7\urlmon.dll
+ 2010-12-15 23:55 . 2010-09-09 13:38 3601920 c:\windows\ie7updates\KB2416400-IE7\mshtml.dll
+ 2010-12-15 23:55 . 2010-09-09 13:38 6075904 c:\windows\ie7updates\KB2416400-IE7\ieframe.dll
+ 2010-12-29 13:06 . 2010-12-29 13:06 2676224 c:\windows\assembly\tmp\MVCZC9AN\Microsoft.DirectX.Direct3DX.dll
+ 2011-01-21 16:58 . 2011-01-21 16:58 2018816 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ec6601e9b75d691ee7339616559b5232\WindowsLive.Writer.CoreServices.ni.dll
+ 2011-01-21 16:58 . 2011-01-21 16:58 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7226cd21c68247fa3b23612fa1b848f9\WindowsLive.Writer.PostEditor.ni.dll
+ 2011-01-21 16:58 . 2011-01-21 16:58 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4f183789843f054fba4ea676b9637b04\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2010-12-23 03:11 . 2010-12-23 03:11 4347392 c:\windows\assembly\NativeImages_v2.0.50727_32\KeePass\1bd4e40c5178a3ec1c48599f706d221e\KeePass.ni.exe
+ 2010-11-30 11:40 . 2010-11-30 11:40 1034752 c:\windows\assembly\GAC_32\Microsoft.Xna.Framework\3.1.0.0__6d5c3888ef60e27d\Microsoft.Xna.Framework.dll
- 2010-11-05 13:50 . 2010-11-05 13:50 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-01-14 13:08 . 2011-01-14 13:08 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-11-05 13:50 . 2010-11-05 13:50 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-01-14 13:08 . 2011-01-14 13:08 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-12-24 19:09 . 2008-06-20 08:42 2808832 c:\windows\ALCWZRD.EXE
+ 2010-12-15 23:56 . 2010-08-31 13:42 1852800 c:\windows\$NtUninstallKB2436673$\win32k.sys
+ 2010-10-26 13:27 . 2010-10-26 13:27 1862272 c:\windows\$hf_mig$\KB2436673\SP3QFE\win32k.sys
+ 2010-11-06 00:34 . 2010-11-06 00:34 1171968 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\urlmon.dll
+ 2010-11-06 00:34 . 2010-11-06 00:34 3607040 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\mshtml.dll
+ 2010-11-06 00:34 . 2010-11-06 00:34 6080000 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\ieframe.dll
+ 2010-12-15 15:31 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\ieapfltr.dat
+ 2011-01-17 18:48 . 2010-09-11 01:54 16248832 c:\windows\system32\ReinstallBackups\0030\DriverFiles\B105079\atioglxx.dll
+ 2011-01-16 13:24 . 2010-10-05 17:11 19580520 c:\windows\system32\ReinstallBackups\0029\DriverFiles\RTHDCPL.EXE
+ 2008-12-24 20:55 . 2011-01-12 23:37 37403080 c:\windows\system32\MRT.exe
+ 2008-12-24 19:09 . 2009-07-29 14:02 18671104 c:\windows\RTHDCPL.EXE
+ 2010-12-19 23:21 . 2010-12-19 23:21 20304384 c:\windows\Installer\76de7fa.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 18:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 18:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 18:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 18:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 18:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 18:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 18:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 18:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 18:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"atwtusb"="atwtusb.exe beta" [X]
"SaiVolume"="c:\program files\Saitek\CyborgKeyboard\SaiVolume.exe" [2008-01-18 126976]
"SmartDefrag"="c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2010-03-26 2708312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2008-01-18 131072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2010-09-05 1655296]
"RTHDCPL"="RTHDCPL.EXE" [2009-07-29 18671104]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]

c:\documents and settings\Tobocom\Start Menu\Programs\Startup\
avast! Free Antivirus.lnk - c:\program files\Alwil Software\Avast5\AvastUI.exe [2010-7-10 3396624]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^Tobocom^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Tobocom\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Toby^Start Menu^Programs^Startup^GameRanger.lnk]
path=c:\documents and settings\Toby\Start Menu\Programs\Startup\GameRanger.lnk
backup=c:\windows\pss\GameRanger.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Toby^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Toby\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2007-05-10 22:46 624248 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2010-08-06 20:40 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-02-02 01:32 342848 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
2007-06-29 14:03 36864 ----a-w- c:\program files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-02-06 18:17 3325952 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-03-12 20:56 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-12-06 08:31 1910152 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 22:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProfilerU]
2008-01-18 17:35 233472 ----a-w- c:\program files\Saitek\SD6\Software\ProfilerU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 16:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiMfd]
2008-01-18 17:36 131072 ----a-w- c:\program files\Saitek\SD6\Software\SaiMfd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2006-12-21 16:05 731976 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Adobe Version Cue CS3"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Activision\\Prototype\\prototypef.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash CS3\\Flash.exe"=
"c:\\Program Files\\Codemasters\\The Lord of the Rings Online\\lotroclient.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Electronic Arts\\Dead Space\\Dead Space.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Eidos\\Batman Arkham Asylum\\Binaries\\ShippingPC-BmGame.exe"=
"c:\\Program Files\\Codemasters\\Damnation\\Binaries\\DamnGame.exe"=
"x:\\Program Files\\Steam\\Steam.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\grand theft auto iv\\RGSC\\RGSCLauncher.exe"=
"x:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\bioshock 2\\SP\\Builds\\Binaries\\Bioshock2Launcher.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\bioshock 2\\MP\\Builds\\Binaries\\Bioshock2Launcher.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\bioshock 2\\SP\\Builds\\Binaries\\Bioshock2.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\deus ex\\System\\DeusEx.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\deus ex invisible war\\System\\dx2.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\fallout 3\\Fallout3.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\grand theft auto iv\\GTAIV\\LaunchGTAIV.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\fear ultimate shooter edition\\FEAR.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\fear ultimate shooter edition\\FEARXP2\\FEARXP2.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\fear ultimate shooter edition\\FEARXP\\FEARXP.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\stalker shadow of chernobyl\\bin\\XR_3DA.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\overlord ii\\Overlord2.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\overlord ii\\Config.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\overlord\\Overlord.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\overlord\\Config.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator\\AvP_Launcher.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator\\AvP_DX11.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator\\AvP.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\borderlands\\Binaries\\Borderlands.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\champions online\\Champions Online.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\amnesia the dark descent\\Launcher.exe"=
"x:\\Program Files\\Steam\\steamapps\\dateavampire\\dystopia\\hl2.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base16755\\SC2.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\numen\\numen.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\titan quest immortal throne\\Tqit.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\titan quest immortal throne\\help.htm"=
"x:\\Program Files\\Steam\\steamapps\\common\\red faction guerrilla\\rfg_launcher.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\titan quest\\Titan Quest.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\titan quest\\help.htm"=
"x:\\Program Files\\Steam\\steamapps\\common\\red faction guerrilla\\rfg.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\dracula origin\\game.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\trine\\trine_launcher.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\shank\\bin\\Shank.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\plain sight\\PlainSight.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\alpha protocol\\APLauncher.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\oddworld abes oddysee\\AbeWin.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\the path\\PathViewer.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\burn zombie burn!\\BZB Launcher.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\oddworld abes exoddus\\Exoddus.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\zombie driver\\Release\\ZombieDriver.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\the scourge project ep 1 - 2\\Binaries\\Win32\\ScourgeGame.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\the void\\bin\\win32\\Game.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\the void\\bin\\win32\\Config.exe"=
"x:\\Program Files\\Steam\\steamapps\\dateavampire\\team fortress 2 beta\\hl2.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\torchlight\\Torchlight.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\tom clancy's splinter cell conviction\\src\\system\\conviction_game.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\tom clancy's splinter cell conviction\\src\\system\\UPlayBrowser.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base17326\\SC2.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\thepolynomial\\Polynomial.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\chronicles of riddick - assault on dark athena\\System\\Win32_x86\\DarkAthena.exe"=
"x:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"x:\\Program Files\\Steam\\steamapps\\dateavampire\\counter-strike source\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:*:Disabled:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:*:Disabled:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:*:Disabled:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:*:Disabled:Adobe Version Cue CS3 Server
"6112:TCP"= 6112:TCP:warcraft 
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"6949:TCP"= 6949:TCP:League of Legends Launcher
"6949:UDP"= 6949:UDP:League of Legends Launcher
"6932:TCP"= 6932:TCP:League of Legends Launcher
"6932:UDP"= 6932:UDP:League of Legends Launcher
"7000:TCP"= 7000:TCP:CO
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"6974:TCP"= 6974:TCP:League of Legends Launcher
"6974:UDP"= 6974:UDP:League of Legends Launcher
"6981:TCP"= 6981:TCP:League of Legends Launcher
"6981:UDP"= 6981:UDP:League of Legends Launcher
"6914:TCP"= 6914:TCP:League of Legends Launcher
"6914:UDP"= 6914:UDP:League of Legends Launcher
"58730:TCP"= 58730:TCP:Pando Media Booster
"58730:UDP"= 58730:UDP:Pando Media Booster
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"6928:TCP"= 6928:TCP:League of Legends Launcher
"6928:UDP"= 6928:UDP:League of Legends Launcher

S1 aiptektp;HyperPen;c:\windows\system32\drivers\aiptektp.sys [1/21/2010 5:02 PM 22272]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/10/2010 9:45 PM 294608]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 6:25 PM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 6:41 PM 67656]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/10/2010 9:45 PM 17744]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [6/22/2009 5:51 PM 233472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 5:35 PM 135664]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [12/6/2010 8:31 AM 1238408]
S2 TraiHelper;Tomb Raider Advanced Installer Multiprocessor Helper;c:\tombraid\TRAISVCS.EXE --> c:\tombraid\TRAISVCS.EXE [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/23/2009 2:50 AM 24652]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/24/2010 7:46 PM 1684736]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [12/15/2009 8:07 PM 25832]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [6/22/2009 5:51 PM 36608]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 9:10 PM 32512]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2/10/2009 4:23 PM 31872]
S3 SaiK0728;SaiK0728;c:\windows\system32\drivers\SaiK0728.sys [1/26/2010 3:52 PM 104960]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [1/30/2010 7:54 PM 50048]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/26/2009 6:31 PM 717296]
.
Contents of the 'Scheduled Tasks' folder

2011-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 17:35]

2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 17:35]

2010-12-23 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-05-09 15:48]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.koower.com/
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\j50j7342.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-28 00:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\=*'| "ò]
"DisplayName"="?\11???"
"DeviceDesc"="?\11???"
"ProviderName"=""
"MFG"="?S?SÑ"
"ReinstallString"="c:\\WINDOWS\\System32\\ReinstallBackups\\=???\\DriverFiles\\.INF"
"DeviceInstanceIds"=multi:"\0c\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\Zjõw*`E]
"DisplayName"="????????"
"DeviceDesc"="????????"
"ProviderName"=""
"MFG"="\\CurrentControlSet\\Services\\ati2mtag\\Device0"
"ReinstallString"="?"
"DeviceInstanceIds"=multi:"\0c\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ìÑ*põw]
"DisplayName"="????????"
"DeviceDesc"="????????"
"ProviderName"=""
"MFG"="\\CurrentControlSet\\Services\\ati2mtag\\Device0"
"ReinstallString"="?"
"DeviceInstanceIds"=multi:"\0c\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(240)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2011-01-28 00:04:19
ComboFix-quarantined-files.txt 2011-01-28 00:04
ComboFix2.txt 2010-11-12 19:40
ComboFix3.txt 2010-08-26 11:33

Pre-Run: 36,756,840,448 bytes free
Post-Run: 36,727,083,008 bytes free

- - End Of File - - 0D6AEAD561B3822F8FF2E00E08270AD0


----------



## CatByte (Feb 24, 2009)

Hi

Please do the following:


Please open your *MalwareBytes AntiMalware* Program
Click the *Update Tab* and *search for updates*
If an update is found, it will download and install the latest version.
Once the program has loaded, select *"Perform Quick Scan"*, then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Make sure that everything is checked, and click *Remove Selected*. <-- very important
When disinfection is completed, a *log* will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
*Copy&Paste the entire report in your next reply.*

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


*NEXT*

Go *here* to run an online scanner from *ESET.*

*Note:* You will need to use *Internet Explorer* for this scan
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to *YES, I accept the Terms of Use.*
Click *Start*
When asked, allow the ActiveX control to install
Click *Start*
Make sure that the option *Remove found threats* is unticked and the *Scan Archives* option is ticked.
Click on Advanced Settings, ensure the options *Scan for potentially unwanted applications*, *Scan for potentially unsafe applications*, and *Enable Anti-Stealth Technology* are ticked.
Click *Scan*
Wait for the scan to finish
When the scan completes, press the *LIST OF THREATS FOUND* button
Press *EXPORT TO TEXT FILE*, name the file *ESETSCAN* and save it to your desktop
Include the contents of this report in your next reply.
Press the *BACK* button.
Press *Finish*


----------



## Baronyx (Aug 2, 2010)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5785
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
2/17/2011 6:13:17 PM
mbam-log-2011-02-17 (18-13-17).txt
Scan type: Quick scan
Objects scanned: 179019
Time elapsed: 21 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

The online scanner refused to load


----------



## CatByte (Feb 24, 2009)

Hi

Please give this one a try:

Perform an online scan with Internet Explorer with *Panda ActiveScan*
 Click on the *Scan your PC now* button located at the bottom of the page.
 A "pop up" window will appear. *Please ensure that your pop up blocker doesn't block it*
 Enter your e-mail address, country, and state & click "Free Online Scan". *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting the *Local Disks* button

 If it finds any malware, it will offer you a report.
 Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
 Click on the See Report button, then Save Report and save it to a convenient location. *Post the report in your next response.*

You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.

Turn off the real time scanner of any existing antivirus program while performing the online scan
*NEXT*

Please post a fresh DDS log and advise how the computer is running and if there are any outstanding issues.


----------



## Baronyx (Aug 2, 2010)

This online scanner does not seem to work for me, and never passes 26% (after an entire night)


----------



## CatByte (Feb 24, 2009)

Please try this one instead:


Go to http://support.f-secure.com/enu/home/ols.shtml
Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
Allow the ActiveX control to be installed on your computer, then click the Accept button
Click *Full System Scan* and allow the components to download and the scan to complete.
If malware is found, uncheck *Submit samples to F-Secure* then select *Automatic cleaning*
When cleaning has finished, click *Show report* (this will open an Internet Explorer window containing the report)
Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

*Notes:*

You must have administrator rights to run this scan
This scan can take a while, so please be patient


----------



## Baronyx (Aug 2, 2010)

This scanner refuses as apparently I do not have access rights (I am an administrator)


----------



## CatByte (Feb 24, 2009)

OK

Try running it in safe mode with networking in the admin account:

To Enter Safemode 

Go to *Start> Shut off your Computer> Restart*
As the computer starts to boot-up, Tap the *F8 KEY* repeatedly,
this will bring up a *menu.*
Use the *Up and Down Arrow Keys* to scroll up to *Safemode with networking*
Then press the *Enter Key* on your Keyboard
Go into your usual account


----------



## Baronyx (Aug 2, 2010)

Okay, I tried the ESET scan again and found these results:

C:\Documents and Settings\Tobocom\Desktop\Thief-DS 1.1 Trainer.exe probably a variant of Win32/Spy.Agent.JHEYSFA trojan
C:\Documents and Settings\Tobocom\Local Settings\Temporary Internet Files\Content.IE5\NOQ7PCVM\6cd6bd[1].pdf JS/Exploit.Pdfka.ORJ trojan
C:\Documents and Settings\Tobocom\My Documents\Downloads\Thief-DS_1.1_Trainer_5.zip probably a variant of Win32/Spy.Agent.JHEYSFA trojan
C:\System Volume Information\_restore{360B4DD0-B9C2-497F-8EFD-411F4C8BF457}\RP287\A0145755.DLL Win32/HackTool.HotKeysHook application


----------



## CatByte (Feb 24, 2009)

Did you download this yourself?

*C:\Documents and Settings\Tobocom\Desktop\Thief-DS 1.1 Trainer.exe*

Empty all your temp files

Download *TFC* to your *desktop*
*Mirror*

Close any open windows.
Double click the *TFC* icon to run the program
TFC *will close all open programs itself* in order to run.
Click the *Start* button to begin the process.
Allow *TFC* to run uninterrupted.
The program should not take long to finish its job.
Once it's finished, it should automatically *reboot your machine*;
if it doesn't, manually reboot to ensure a complete clean.
*It's normal after running TFC cleaner that the PC will be slower to boot the first time. *

*NEXT*

Visit *ADOBE* and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

*NEXT*

*Your Java is out of date.*
Java 6 Update 21 can be updated from the Java control panel *Start > Control Panel* (Classic View) > *Java* (looks like a coffee cup) > *Update Tab* > *Update Now*.
An update should begin; > follow the prompts.

*Clear Java cache*

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup) If you do not see the icon, look to your left and click 'Switch to Classic View'. 
On the General tab, under Temporary Internet Files, click the *Settings* button.
Next, click on the Delete Files button
There are two options in the window to clear the cache - *Leave BOTH Checked*

*Applications and Applets*
*Trace and Log Files*

Click OK on Delete Temporary Files Window
*Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.*
Click OK to leave the Temporary Files Window
Click OK to leave the Java Control Panel.

*NEXT*

Please describe any outstanding issues in as much detail as possible


----------



## Baronyx (Aug 2, 2010)

Yes, I downloaded that program myself. My antivirus supposed it was clean.


----------



## Baronyx (Aug 2, 2010)

Okay the remover has run and rebooted (did it get rid of the trojans? It was awfully fast) I have updated my Adobe and Java;

New problems are existing in my internet connection; I find my connection cutting out every few minutes for no apparent reasons (Usually on online games). There are others on my network playing the same game without this problem.

- Once in a while my computer locks up without notice and a sharp, squawking/crackling sound feeds through my speakers. [Incidentally the lights on my keyboard (I have a light-up keyboard) cut out]

I'm not sure what could cause this, but I recently installed new/more RAM and do not remember either of these problems before then. (dunno if that could be a problem?)


----------



## CatByte (Feb 24, 2009)

It may very well be a compatibility issue with the RAM.

I don't believe the outstanding issues are malware related. Your logs are not showing any more signs of infection.

I suggest posting a new topic in the hardware forum and see if any of our techs can offer suggestions to assist at this point.

I'll leave this thread as is until you hear back from the tech side of things, see if anything more can be done, then we can clean up all our tools.


----------



## Baronyx (Aug 2, 2010)

Okay, I'll repost in hardware. Thanks


----------



## CatByte (Feb 24, 2009)

OK, good, hopefully the techs can fix the outstanding issues


----------

