# "Windows - Virtual Memory Minimum Too Low" Virus. Need help.



## Kronos2401 (Mar 31, 2012)

Hi,

I think I have a virus or something on my laptop. It seems a lot of people who had a similar problem got some good advice from this website, so maybe you can help me as well.

I'm getting the same warning message every time I turn on my laptop. It says "Windows - Virtual Memory Minimum Too Low". It started out of the blue about a month ago. It can't be anything to do with low memory, because it appears even before I do anything on the machine. My Avira (ver 12) doesn't seem to work anymore; every time I do a scan, it finds more viruses, and my laptop will not let me go to the website anymore. I also noticed that the hard drive is continuously running, even when I'm not accessing any programs or have any web pages open. The times I do use the web, it often freezes up, and I have to close all the pages just to unfreeze it. I tried System Restore, but I can't even get to any of my old save points anymore.

I am running on XP and IE8. I have a log for anyone who needs it. Thanks again.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:46:15, on 01/04/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Daemon Virtual Drive\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/logi...ap2e6CwWSb86QVdqk-&.done=http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\Daemon Virtual Drive\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [XejAtgha] C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MozyPro Status.lnk = C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MozyPro Backup Service (MyBusinessWorksbackup) - MyBusinessWorks - C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 7455 bytes


----------



## flavallee (May 12, 2002)

Your computer appears to be a Toshiba laptop.

What model name and model number is it?

---------------------------------------------------------

Right-click MY COMPUTER, then click Properties.

What's listed in the *Computer:* section of the "General" tab?

----------------------------------------------------------

Start HiJackThis.

Click on the "Open The Misc Tools Section" button.

Click on the "Open Uninstall Manager" button.

Click on the "Save List" button.

Save the "uninstall_list.txt" file somewhere.

It'll then open in Notepad.

Return here to your thread, then copy-and-paste the entire file here.

----------------------------------------------------------

Your computer appears to be infected.

Read the topmost "sticky" in this section, then provide the required logs and information so a gold/blue shield removal specialist can assist you.

----------------------------------------------------------


----------



## Kronos2401 (Mar 31, 2012)

I'm running XP - Service Pack 3
Yes, it's a Toshiba Equium L350-10L
Dual CPU T2370 @ 1.73GHZ 1.99GB
I have not upgraded any of the hardware.

The uninstall_list.txt is as follows:

32 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Reader 7.0.7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Client Utility
Atheros Driver Installation Program
Bluetooth Monitor 4
DAEMON Tools
Google Earth
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
HP Imaging Device Functions 11.0
HP Smart Web Printing
HP Solution Center 11.0
Intel(R) Graphics Media Accelerator Driver
iTunes
K-Lite Codec Pack 7.5.0 (Full)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Office 2000 Premium
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MozyPro
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Premium
OCR Software by I.R.I.S. 11.0
PurePlay Poker
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Synaptics Pointing Device Driver
TOSHIBA Hotkey Utility
TOSHIBA Software Modem
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Search 4.0
WinZip 15.0


----------



## flavallee (May 12, 2002)

You must have uninstalled/removed *Avira AntiVir 12* because it doesn't appear in either of your logs.

Your "uninstall_list.txt" log shows no security-related programs installed, so your computer is completely unprotected from infections.

Download and SAVE:

*Malwarebytes Anti-Malware 1.60.1.1000* (free version)

*Microsoft Security Essentials 2.1.1116.0*

*SUPERAntiSpyware 5.0.0.1146* (free version)

Just download and SAVE them for now and do NOT install nor do anything with them yet.

As I previously advised you to do, you need to read the topmost "sticky" in this section and then provide the required logs and information if you want a gold/blue shield removal specialist to assist you.

---------------------------------------------------


----------



## Kronos2401 (Mar 31, 2012)

I hope I have made these files correctly.

dds.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702
Run by Derek at 11:45:25 on 2012-04-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1341 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Daemon Virtual Drive\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://login.yahoo.com/config/login?.src=fpctx&.intl=uk&.pd=c%3D6T7evjap2e6CwWSb86QVdqk-&.done=http%3A%2F%2Fuk.yahoo.com%2F
mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\documents and settings\derek\local settings\application data\pxrnjgxj\xejatgha.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [XejAtgha] c:\documents and settings\derek\local settings\application data\pxrnjgxj\xejatgha.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DAEMON Tools-1033] "c:\program files\daemon virtual drive\daemon.exe" -lang 1033
mRun: [NWEReboot] 
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [XejAtgha] c:\documents and settings\derek\local settings\application data\pxrnjgxj\xejatgha.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozypr~1.lnk - c:\program files\mozypro (corporate edition)\MyBusinessWorksstat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4C27D94A-9E3D-4F0F-9232-EB531D577190} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{ECA2E087-C26F-4614-89F4-A5E9B371EE46} : DhcpNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2011-5-7 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2011-5-7 5248]
R1 MyBusinessWorksFilter;MyBusinessWorksFilter;c:\windows\system32\drivers\MyBusinessWorks.sys [2011-5-14 54776]
R2 MyBusinessWorksbackup;MozyPro Backup Service;c:\program files\mozypro (corporate edition)\MyBusinessWorksbackup.exe [2011-3-29 46912]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2011-5-3 5888]
R4 Micorsoft Windows Service;Micorsoft Windows Service;\??\c:\docume~1\derek\locals~1\temp\fshhtddm.sys --> c:\docume~1\derek\locals~1\temp\fshhtddm.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-15 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 253600]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-15 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-31 21:21:04 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-18 11:39:57 388096 ----a-r- c:\documents and settings\derek\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-03-18 11:39:57 -------- d-----w- c:\program files\Trend Micro
2012-03-17 11:43:18 98224 ---ha-w- c:\windows\system32\NUZ0Dp8
2012-03-16 23:28:59 -------- d-----w- c:\documents and settings\all users\application data\Avira
2012-03-15 22:43:52 98224 ---ha-w- c:\documents and settings\derek\UjPrn7vu
2012-03-15 22:43:51 98224 ---ha-w- c:\documents and settings\derek\8JqHb17E6
2012-03-10 01:02:22 -------- d-----w- c:\documents and settings\derek\local settings\application data\pxrnjgxj
2012-03-09 23:50:29 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-03-09 23:50:29 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2012-03-31 21:21:04 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
.
============= FINISH: 11:46:30.75 ===============


----------



## Kronos2401 (Mar 31, 2012)

Attach.txt uploaded


----------



## Kronos2401 (Mar 31, 2012)

Yes, I did uninstall *Avira AntiVir 12*. I thought it didn't work any more, and I was planning to install a new anti-virus program until I came across this tech site.

Scanning with GMER took almost 4 hours. Is that supposed to happen? Also, the saved file was asking to save as a *.log file. I had to change it to ark.txt.

***************************************************

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-06 16:23:07
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LB21
Running: wgi92tgj.exe; Driver: C:\DOCUME~1\Derek\LOCALS~1\Temp\pgtdapod.sys

---- System - GMER 1.0.15 ----
SSDT \??\C:\DOCUME~1\Derek\LOCALS~1\Temp\fshhtddm.sys ZwCreateKey [0xA6CFF6AC]
SSDT \??\C:\DOCUME~1\Derek\LOCALS~1\Temp\fshhtddm.sys ZwOpenKey [0xA6CFF562]
---- Kernel code sections - GMER 1.0.15 ----
? C:\DOCUME~1\Derek\LOCALS~1\Temp\fshhtddm.sys The system cannot find the file specified. !
? C:\DOCUME~1\Derek\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
? C:\WINDOWS\system32\svchost.exe[156] time/date stamp mismatch; 
? C:\WINDOWS\system32\svchost.exe[720] time/date stamp mismatch; 
.text C:\WINDOWS\system32\svchost.exe[720] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\svchost.exe[720] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\svchost.exe[720] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\svchost.exe[720] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
? C:\WINDOWS\Explorer.EXE[848] time/date stamp mismatch; unknown module: WINMM.dllunknown module: SETUPAPI.dllunknown module: WINSTA.dllunknown module: OLEACC.dllunknown module: BROWSEUI.dllunknown module: OLEAUT32.dllunknown module: SHDOCVW.dllunknown module: UxTheme.dll
.text C:\WINDOWS\Explorer.EXE[848] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\Explorer.EXE[848] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\Explorer.EXE[848] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\Explorer.EXE[848] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20193A5B 
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 201936E6 
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2019373C 
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20193B16 
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20192F7D 
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20193B43 
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20192F48 
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20193B70 
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20193940 
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20193899 
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20192FAF 
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20193B97 
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20192F02 
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20192EBC 
.text C:\WINDOWS\Explorer.EXE[848] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\Explorer.EXE[848] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\Explorer.EXE[848] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\Explorer.EXE[848] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\Explorer.EXE[848] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\Explorer.EXE[848] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\Explorer.EXE[848] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\Explorer.EXE[848] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\Explorer.EXE[848] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
? C:\WINDOWS\system32\services.exe[972] time/date stamp mismatch; unknown module: NTDSAPI.dllunknown module: NCObjAPI.DLLunknown module: SCESRV.dllunknown module: umpnpmgr.dll
.text C:\WINDOWS\system32\services.exe[972] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\services.exe[972] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\services.exe[972] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\services.exe[972] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
.text C:\WINDOWS\system32\lsass.exe[984] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\lsass.exe[984] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\lsass.exe[984] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\lsass.exe[984] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
? C:\WINDOWS\system32\svchost.exe[1156] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\svchost.exe[1156] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
? C:\WINDOWS\system32\svchost.exe[1204] time/date stamp mismatch; 
.text C:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\svchost.exe[1204] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
? C:\WINDOWS\System32\svchost.exe[1244] time/date stamp mismatch; 
.text C:\WINDOWS\System32\svchost.exe[1244] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\System32\svchost.exe[1244] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\System32\svchost.exe[1244] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\System32\svchost.exe[1244] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20193A5B 
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 201936E6 
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2019373C 
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20193B16 
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20192F7D 
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20193B43 
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20192F48 
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20193B70 
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20193940 
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20193899 
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20192FAF 
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20193B97 
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20192F02 
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20192EBC 
? C:\WINDOWS\system32\svchost.exe[1284] time/date stamp mismatch; 
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
? C:\WINDOWS\system32\svchost.exe[1340] time/date stamp mismatch; 
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\svchost.exe[1340] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\system32\svchost.exe[1340] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\system32\svchost.exe[1340] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\system32\svchost.exe[1340] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\system32\svchost.exe[1340] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\system32\svchost.exe[1340] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\system32\svchost.exe[1340] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\system32\svchost.exe[1340] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\system32\svchost.exe[1340] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\system32\svchost.exe[1340] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
? C:\WINDOWS\system32\svchost.exe[1428] time/date stamp mismatch; 
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\svchost.exe[1428] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
.text C:\WINDOWS\System32\alg.exe[1672] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20026B77 
.text C:\WINDOWS\System32\alg.exe[1672] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A453 
.text C:\WINDOWS\System32\alg.exe[1672] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200269F3 
.text C:\WINDOWS\System32\alg.exe[1672] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200212FC 
.text C:\WINDOWS\System32\alg.exe[1672] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200220DB 
.text C:\WINDOWS\System32\alg.exe[1672] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20022405 
.text C:\WINDOWS\System32\alg.exe[1672] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2002271E 
.text C:\WINDOWS\System32\alg.exe[1672] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002208D 
.text C:\WINDOWS\System32\alg.exe[1672] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20022562 
.text C:\WINDOWS\System32\alg.exe[1672] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20022396 
.text C:\WINDOWS\System32\alg.exe[1672] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002247A 
.text C:\WINDOWS\System32\alg.exe[1672] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2002263D 
.text C:\WINDOWS\System32\alg.exe[1672] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200224EB 
.text C:\WINDOWS\system32\spoolsv.exe[1784] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\spoolsv.exe[1784] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\spoolsv.exe[1784] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\spoolsv.exe[1784] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\system32\spoolsv.exe[1784] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\system32\spoolsv.exe[1784] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\system32\spoolsv.exe[1784] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\system32\spoolsv.exe[1784] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\system32\spoolsv.exe[1784] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\system32\spoolsv.exe[1784] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\system32\spoolsv.exe[1784] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\system32\spoolsv.exe[1784] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\system32\spoolsv.exe[1784] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
.text C:\WINDOWS\system32\acs.exe[1836] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\acs.exe[1836] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\acs.exe[1836] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\acs.exe[1836] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\system32\acs.exe[1836] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\system32\acs.exe[1836] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\system32\acs.exe[1836] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\system32\acs.exe[1836] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\system32\acs.exe[1836] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\system32\acs.exe[1836] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\system32\acs.exe[1836] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\system32\acs.exe[1836] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\system32\acs.exe[1836] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20193A5B 
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 201936E6 
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2019373C 
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20193B16 
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20192F7D 
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20193B43 
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20192F48 
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20193B70 
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20193940 
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20193899 
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20192FAF 
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20193B97 
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20192F02 
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20192EBC 
? C:\WINDOWS\system32\svchost.exe[1880] time/date stamp mismatch; 
.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\svchost.exe[1880] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20193A5B 
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 201936E6 
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2019373C 
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20193B16 
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20192F7D 
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20193B43 
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20192F48 
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20193B70 
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20193940 
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20193899 
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20192FAF 
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20193B97 
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20192F02 
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20192EBC 
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
? C:\WINDOWS\System32\svchost.exe[2144] time/date stamp mismatch; 
.text C:\WINDOWS\System32\svchost.exe[2144] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\System32\svchost.exe[2144] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\System32\svchost.exe[2144] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\System32\svchost.exe[2144] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\System32\svchost.exe[2144] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\System32\svchost.exe[2144] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\System32\svchost.exe[2144] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\System32\svchost.exe[2144] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\System32\svchost.exe[2144] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\System32\svchost.exe[2144] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\System32\svchost.exe[2144] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\System32\svchost.exe[2144] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\System32\svchost.exe[2144] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
.text C:\Documents and Settings\Derek\Desktop\wgi92tgj.exe[2400] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20026B77 
.text C:\Documents and Settings\Derek\Desktop\wgi92tgj.exe[2400] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A453 
.text C:\Documents and Settings\Derek\Desktop\wgi92tgj.exe[2400] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200269F3 
.text C:\Documents and Settings\Derek\Desktop\wgi92tgj.exe[2400] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200212FC 
.text C:\WINDOWS\system32\svchost.exe[2432] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 20201610 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 202068E0 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 20206860 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 202068A0 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 20206050 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 20206110 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 20205FF0 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 20207DF0 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 20207EB0 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!OpenInputDesktop 7E41ECA3 5 Bytes JMP 20207A80 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!SwitchDesktop 7E41FE6E 5 Bytes JMP 20207B00 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!DefDlgProcW 7E423D3A 5 Bytes JMP 20207BA0 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 202060B0 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!RegisterClassExA 7E427C39 5 Bytes JMP 20207F10 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!DefWindowProcW 7E428D20 5 Bytes JMP 20207B20 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!BeginPaint 7E428FE9 5 Bytes JMP 20206750 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!EndPaint 7E428FFD 5 Bytes JMP 202067C0 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 20205DA0 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetMessagePos 7E42996C 5 Bytes JMP 20205D70 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!CallWindowProcW 7E42A01E 5 Bytes JMP 20207D20 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 20206170 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetUpdateRect 7E42A8C9 5 Bytes JMP 20206920 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!CallWindowProcA 7E42A97D 5 Bytes JMP 20207D60 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!DefWindowProcA 7E42C17E 5 Bytes JMP 20207B60 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!SetCapture 7E42C35E 5 Bytes JMP 20205E30 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!ReleaseCapture 7E42C37A 5 Bytes JMP 20205F40 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetDCEx 7E42C595 5 Bytes JMP 20206800 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!RegisterClassA 7E42EA5E 5 Bytes JMP 20207E50 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetUpdateRgn 7E42F5EC 5 Bytes JMP 202069C0 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!DefFrameProcW 7E430833 5 Bytes JMP 20207C20 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!DefMDIChildProcW 7E430A47 5 Bytes JMP 20207CA0 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!DefDlgProcA 7E43E577 5 Bytes JMP 20207BE0 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!DefFrameProcA 7E44F965 5 Bytes JMP 20207C60 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!DefMDIChildProcA 7E44F9B4 5 Bytes JMP 20207CE0 
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!SetCursorPos 7E4561B3 5 Bytes JMP 20205DF0 
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20026B77 
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A453 
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200269F3 
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200212FC 
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20023A5B 
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 200236E6 
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2002373C 
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20023B16 
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20022F7D 
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20023B43 
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20022F48 
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20023B70 
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20023940 
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20023899 
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20022FAF 
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20023B97 
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20022F02 
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20022EBC 
.text C:\WINDOWS\system32\hkcmd.exe[2640] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\hkcmd.exe[2640] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\hkcmd.exe[2640] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\hkcmd.exe[2640] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\system32\igfxpers.exe[2684] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\igfxpers.exe[2684] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\igfxpers.exe[2684] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\igfxpers.exe[2684] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\RTHDCPL.EXE[2700] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\RTHDCPL.EXE[2700] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\RTHDCPL.EXE[2700] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\RTHDCPL.EXE[2700] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\system32\igfxsrvc.exe[2736] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\igfxsrvc.exe[2736] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\igfxsrvc.exe[2736] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\igfxsrvc.exe[2736] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2744] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2744] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2744] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2744] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\Program Files\Atheros\ACU.exe[2764] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\Program Files\Atheros\ACU.exe[2764] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\Program Files\Atheros\ACU.exe[2764] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\Program Files\Atheros\ACU.exe[2764] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\Program Files\Atheros\ACU.exe[2764] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\Program Files\Atheros\ACU.exe[2764] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\Program Files\Atheros\ACU.exe[2764] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\Program Files\Atheros\ACU.exe[2764] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\Program Files\Atheros\ACU.exe[2764] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\Program Files\Atheros\ACU.exe[2764] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\Program Files\Atheros\ACU.exe[2764] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\Program Files\Atheros\ACU.exe[2764] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\Program Files\Atheros\ACU.exe[2764] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20193A5B 
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 201936E6 
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2019373C 
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20193B16 
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20192F7D 
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20193B43 
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20192F48 
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20193B70 
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20193940 
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20193899 
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20192FAF 
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20193B97 
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20192F02 
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20192EBC 
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[2804] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[2804] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[2804] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[2804] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2844] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2844] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2844] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2844] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\Program Files\Daemon Virtual Drive\daemon.exe[2932] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\Program Files\Daemon Virtual Drive\daemon.exe[2932] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\Program Files\Daemon Virtual Drive\daemon.exe[2932] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\Program Files\Daemon Virtual Drive\daemon.exe[2932] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\Program Files\iPod\bin\iPodService.exe[2996] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20026B77 
.text C:\Program Files\iPod\bin\iPodService.exe[2996] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A453 
.text C:\Program Files\iPod\bin\iPodService.exe[2996] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200269F3 
.text C:\Program Files\iPod\bin\iPodService.exe[2996] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200212FC 
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!InternetReadFile 3D94655B 5 Bytes JMP 20193A5B 
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!InternetCloseHandle 3D949098 5 Bytes JMP 201936E6 
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2019373C
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!HttpOpenRequestA 3D94D598 5 Bytes JMP 20193B16 
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20192F7D 
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20193B43 
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20192F48 
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20193B70 
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!InternetReadFileExW 3D963249 5 Bytes JMP 20193940 
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!InternetReadFileExA 3D963281 5 Bytes JMP 20193899 
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!InternetWriteFile 3D9A610E 5 Bytes JMP 20192FAF 
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20193B97 
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20192F02 
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20192EBC 
.text C:\WINDOWS\system32\ctfmon.exe[3104] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\ctfmon.exe[3104] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\ctfmon.exe[3104] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\ctfmon.exe[3104] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20193A5B 
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 201936E6 
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2019373C 
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20193B16 
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20192F7D 
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20193B43 
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20192F48 
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20193B70 
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20193940 
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20193899 
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20192FAF 
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20193B97 
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20192F02 
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20192EBC 
? C:\WINDOWS\System32\svchost.exe[3404] time/date stamp mismatch; 
.text C:\WINDOWS\System32\svchost.exe[3404] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\System32\svchost.exe[3404] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\System32\svchost.exe[3404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\System32\svchost.exe[3404] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\System32\svchost.exe[3404] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\System32\svchost.exe[3404] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\System32\svchost.exe[3404] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\System32\svchost.exe[3404] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\System32\svchost.exe[3404] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\System32\svchost.exe[3404] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\System32\svchost.exe[3404] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\System32\svchost.exe[3404] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\System32\svchost.exe[3404] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20066B77 
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2005A453 
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200669F3 
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200612FC 
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20063A5B 
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 200636E6 
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2006373C 
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20063B16 
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20062F7D 
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20063B43 
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20062F48 
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20063B70
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20063940 
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20063899 
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20062FAF 
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20063B97 
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20062F02 
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20062EBC 
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ws2_32.dll!sendto 71AB2F51 5 Bytes JMP 200620DB 
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ws2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20062405 
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2006271E 
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ws2_32.dll!send 71AB4C27 5 Bytes JMP 2006208D 
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20062562 
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ws2_32.dll!recv 71AB676F 5 Bytes JMP 20062396 
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2006247A 
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ws2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2006263D 
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ws2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200624EB 
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20066B77 
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2005A453 
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200669F3 
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200612FC 
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20063A5B 
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 200636E6 
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2006373C 
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20063B16 
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20062F7D 
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20063B43 
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20062F48 
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20063B70 
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20063940 
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20063899 
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20062FAF 
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20063B97 
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20062F02 
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20062EBC 
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ws2_32.dll!sendto 71AB2F51 5 Bytes JMP 200620DB 
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ws2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20062405 
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2006271E 
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ws2_32.dll!send 71AB4C27 5 Bytes JMP 2006208D 
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20062562 
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ws2_32.dll!recv 71AB676F 5 Bytes JMP 20062396 
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2006247A 
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ws2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2006263D 
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ws2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200624EB 
? C:\WINDOWS\system32\svchost.exe[3600] time/date stamp mismatch; 
.text C:\WINDOWS\system32\svchost.exe[3600] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\svchost.exe[3600] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\svchost.exe[3600] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\svchost.exe[3600] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20066B77 
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2005A453 
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200669F3 
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200612FC 
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20063A5B 
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 200636E6 
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2006373C 
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20063B16 
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20062F7D 
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20063B43 
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20062F48 
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20063B70 
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20063940 
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20063899 
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20062FAF 
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20063B97 
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20062F02 
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20062EBC 
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ws2_32.dll!sendto 71AB2F51 5 Bytes JMP 200620DB 
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ws2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20062405 
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2006271E 
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ws2_32.dll!send 71AB4C27 5 Bytes JMP 2006208D 
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20062562 
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ws2_32.dll!recv 71AB676F 5 Bytes JMP 20062396 
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2006247A 
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ws2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2006263D 
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ws2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200624EB 
.text C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe[3736] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe[3736] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe[3736] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe[3736] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Internet Explorer\iexplore.exe[3472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs  8A6060D8
AttachedDevice \FileSystem\Ntfs \Ntfs MyBusinessWorks.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\Cdrom \Device\CdRom0 8974FDE0
Device \FileSystem\Rdbss \Device\FsWrap 89A977C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 89769210
Device \Driver\atapi \Device\Ide\IdePort0 89769210
Device \Driver\atapi \Device\Ide\IdePort1 89769210
Device \FileSystem\Srv \Device\LanmanServer 894185C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89A98990
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89A98990
Device \FileSystem\Npfs \Device\NamedPipe 89331840
Device \FileSystem\Msfs \Device\Mailslot 8957A470
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 897FA248
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 897FA248
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 897FA248
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 897FA248
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 897FA248
Device \FileSystem\Cdfs \Cdfs 894FED70
---- Modules - GMER 1.0.15 ----
Module _________ B9E0B000-B9E23000 (98304 bytes)
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe 98224 bytes executable
File C:\Documents and Settings\Derek\Start Menu\Programs\Startup\xejatgha.exe 98224 bytes executable
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\xejatgha.exe 98224 bytes executable
---- EOF - GMER 1.0.15 ----


----------



## flavallee (May 12, 2002)

Click Start - Run, then type in *MSCONFIG* and then click OK - "Startup" tab.

Write down only the names in the "Startup Item" that have a checkmark next to them.

If the "Startup Item" column isn't wide enough to see the entire name of any of them, widen the column.

Submit those names here in a vertical list, and make sure to spell them exactly as you see them there.

----------------------------------------------------------


----------



## Kronos2401 (Mar 31, 2012)

Flavallee,
Thanks for your speedy response. Here's the list.

igfxtray
hkcmd
igfxpers
RTHDCPL
ALCMTR
SynTPEnh
ACU
thotkey
HPWuSchd2
qttask
daemon
NeroCheck
iTunesHelper
ctfmon
msmsgs
xejatgha
Adobe Reader Speed Launch
Microsoft Office
MozyPro Status
Windows Search


----------



## flavallee (May 12, 2002)

Go back to Start - Run - MSCONFIG - OK - "Startup" tab.

Remove the checkmark in these startup entries:

*igfxtray*

*hkcmd*

*igfxpers*

*RTHDCPL*

*ALCMTR*

*HPWuSchd2*

*qttask*

*daemon*

*NeroCheck*

*iTunesHelper*

*ctfmon*

*msmsgs*

*xejatgha*

*Adobe Reader Speed Launch*

*Microsoft Office*

*Windows Search*

After you're done, click Apply - OK/Close - Restart.

When the small System Configuration Utility window appears, ignore its message.

Do NOT reset it back to normal startup mode!!!

Put a checkmark in the lower left of that window BEFORE you click OK to close it.

----------------------------------------------

Wait for the computer to completely settle down from the restart.

Install the 3 security programs that I advised you to download and save in post #4.

Make sure to update their definition files during the install process.

After they've been installed and updated, restart the computer.

DON'T run any scans with them yet!!!

----------------------------------------------


----------



## Kronos2401 (Mar 31, 2012)

Flavallee,

Followed your instructions with the msconfig. Then installed the 3 programs. As instructed, I did not run any of the scans; however, I was unable to run the update to the MS Security or the SuperAntiSpyware. And the Anti-Malware doesn't seem to run at all.


----------



## flavallee (May 12, 2002)

You got all of them installed and they all appear in Control Panel - Add Or Remove Programs?

If they do, do the following, one at a time:

Start *Microsoft Security Essentials*, then click "Update"(tab) - "Update"(button).

Start *SUPERAntiSpyware*, then click "Check For Updates"(button).

Start *Malwarebytes Anti-Malware*, then click "Update"(tab) - "Check For Updates"(button).

Did any or all of them update?

----------------------------------------------------------


----------



## Kronos2401 (Mar 31, 2012)

Yes, all 3 are listed in the Add or Remove Programs.

Anti-Malware would start, just a warning message;

"Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the items." (just to add I do have full access permission to the laptop)

AntiSpyware can start but would not check updates;

"Checking for Definition updates" - "Failed"
"Definitions Update ERROR" - "Failed"

MS Security can also start but again would not update;

"Virus and spyware definitions update failed"
"Security Essentials could not check for virus and spyware definition updates due to an Internet or network connections issue"
"Click Help for more information about this problem"
"Error code: 0x80072efd"
"Error description: Security Essentials couldn't detect an Internet connection. Check your Internet connection, and then try again"


----------



## flavallee (May 12, 2002)

They're not updating because the internet connection to that computer doesn't appear to be working.

Are you still able to go on-line and load webpages?

----------------------------------------------------------


----------



## Kronos2401 (Mar 31, 2012)

Yes, I can still go online. This is why I think I have an infection of some sort, as the computer is restricting me from 'visiting' antivirus websites. I am no longer able to visit the avira.com site.


----------



## flavallee (May 12, 2002)

Navigate to the *C:\Documents And Settings\Derek\Local Settings\Application Data* folder.

Is the *pxrnjgxj* folder still present inside the *Application Data* folder?

--------------------------------------------


----------



## Kronos2401 (Mar 31, 2012)

Yes, pxrnjgxj is still in the application data. Although it's empty at the moment, and I don't recognize the folder at all.


----------



## flavallee (May 12, 2002)

You're saying there's NOTHING inside of the *pxrnjgxj* folder?

Regardless of whether it's empty or contains any files, right-click directly on it, then click Delete - Yes.

If it deletes, restart the computer, then try again to update MSE and MBAM and SAS.

----------------------------------------------------------


----------



## Kronos2401 (Mar 31, 2012)

The computer won't let me delete the folder.

"Error Deleting File or Folder"
"Cannot delete pxrnjgxj: The directory is not empty"

Although there really isn't anything in it. Not even hidden files.

I even tried to change the folder's name, then delete it. But no good, still the same message. So I changed it back to the original name.


----------



## flavallee (May 12, 2002)

According to your logs, the *pxrnjgxj* folder is NOT empty and contains a *xejatgha.exe* file. The folder may also contain other files. Deleting the files one at a time until the folder is empty and then deleting the empty folder sometimes works. You say the folder is empty though, so I'm a bit confused. 

-----------------------------------------------------------


----------



## flavallee (May 12, 2002)

Navigate to these folders:

*C:\Program Files\Malwarebytes Anti-Malware*

*C:\Program Files\SUPERAntiSpyware*

Rename the *mbam.exe* file to *puppy.exe*

Rename the *superantispyware.exe* file to *kitten.exe*

Restart the computer.

Try again to update both programs.

----------------------------------------------------------


----------



## Kronos2401 (Mar 31, 2012)

I have renamed the two files.

The anti-malware will now start and can carry out an update.

The anti-spyware still will not update. Has the same "failed" message as before.

The pxrnjgxj folder is visibly empty when opened and with no files that I can select at all. I guess this is one of the characteristics of this virus/malware.


----------



## flavallee (May 12, 2002)

Do the following in the order listed.

DON'T use the computer while each scan is in progress.

---------------------------------------------------------

Start Malwarebytes Anti-Malware.

Click "Scanner"(tab) - *Perform quick scan* - "Scan".

If infections or problems are found during the scan, the number of them will be highlighted in red.

When the scan is finished, click "Show Results".

Make sure that *EVERYTHING* is selected, then click "Remove Selected".

If you're prompted to restart to finish the removal process, click "Yes".

Start Malwarebytes Anti-Malware again.

Click "Logs"(tab).

Highlight the scan log entry, then click "Open".

When the scan log appears in Notepad, copy-and-paste it here.

---------------------------------------------------------

Start SUPERAntiSpyware.

Select the "*Quick Scan*" option, then click "Scan your Computer".

If infections or problems are found during the scan, a list will appear and the number of them will be highlighted in red.

When the scan is finished and the scan summary window appears, click "Continue".

Make sure that *EVERYTHING* in the list is selected, then click "Remove Threats".

Click "OK - Finish".

If you're prompted to restart to finish the removal process, do so.

Start SUPERAntiSpyware again.

Click "View Scan Logs".

Highlight the scan log entry, then click "View Selected Log".

When the scan log appears in Notepad, copy-and-paste it here.

---------------------------------------------------------


----------



## Kronos2401 (Mar 31, 2012)

Anti-Malware log;

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.04.08.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Derek :: EQUIUM [administrator]
09/04/2012 10:12:07
mbam-log-2012-04-09 (10-12-07).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228546
Time elapsed: 18 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|XejAtgha (Virus.Ramnit) -> Data: C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe -> Quarantined and deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|XejAtgha (Virus.Ramnit) -> Data: C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 9
c:\documents and settings\derek\local settings\application data\pxrnjgxj\xejatgha.exe (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\documents and settings\derek\start menu\programs\startup\xejatgha.exe (Virus.Ramnit) -> Delete on reboot.
c:\windows\system32\config\systemprofile\start menu\programs\startup\xejatgha.exe (Virus.Ramnit) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NUZ0Dp8 (Virus.Ramnit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Derek\Local Settings\Temp\pjeuvijglhepyppn.exe (Virus.Ramnit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Derek\Local Settings\Temp\wpbt0.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pjeuvijglhepyppn.exe (Virus.Ramnit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Derek\8JqHb17E6 (Virus.Ramnit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Derek\UjPrn7vu (Virus.Ramnit) -> Quarantined and deleted successfully.
(end)

============================================

AntiSpyware log;

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/09/2012 at 11:29 AM
Application Version : 5.0.1146
Core Rules Database Version : 8423
Trace Rules Database Version: 6235
Scan type : Quick Scan
Total Scan Time : 00:16:56
Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 504
Memory threats detected : 0
Registry items scanned : 29459
Registry threats detected : 0
File items scanned : 13218
File threats detected : 12
Adware.Tracking Cookie
C:\DOCUMENTS AND SETTINGS\TV\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\TV\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\TV\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\TV\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\TV\Cookies\[email protected][2].txt [ Cookie:[email protected]/cgi-bin ]
C:\DOCUMENTS AND SETTINGS\TV\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\TV\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\TV\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\TV\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\TV\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\DEREK\DESKTOP\F\DOCUMENTS AND SETTINGS\DEFAULT\COOKIES\[email protected][2].TXT [ /2O7 ]
C:\DOCUMENTS AND SETTINGS\DEREK\DESKTOP\F\DOCUMENTS AND SETTINGS\DEFAULT\COOKIES\[email protected][1].TXT [ /ATWOLA ]


----------



## flavallee (May 12, 2002)

It looks like *Malwarebytes Anti-Malware* found and quarantined/deleted that infection. :up:

Start HiJackThis, then click "Do a system scan and save a log file", then save the new log that appears, then copy-and-paste it here.

------------------------------------------------------------


----------



## Kronos2401 (Mar 31, 2012)

New HiJackThis log;

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:56:49, on 09/04/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login?.src=fpctx&.intl=uk&.pd=c%3D6T7evjap2e6CwWSb86QVdqk-&.done=http%3A%2F%2Fuk.yahoo.com%2F
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [XejAtgha] C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: MozyPro Status.lnk = C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MozyPro Backup Service (MyBusinessWorksbackup) - MyBusinessWorks - C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
--
End of file - 6419 bytes


----------



## flavallee (May 12, 2002)

These log entries are still present: 

*F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe,*

*O4 - HKCU\..\Run: [XejAtgha] C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe*

I've requested a gold/blue shield removal specialist assist you.

This section is very busy, so be patient.

----------------------------------------------------------


----------
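An added example (not part of the original posts, and not HijackThis's own code): a small Python triage of the F2 and O4 lines from the HijackThis log above, which surfaces the two autostart entries flavallee points out. The folder markers in `USER_WRITABLE`, the reason strings and the helper names are assumptions chosen for illustration; a hit means "look at this entry", not a verdict.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe,
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [XejAtgha] C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe
O4 - Global Startup: MozyPro Status.lnk = C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe
"""

# The stock XP UserInit value contains only this program.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"
# Assumption: folders a limited user can write to, so anything autostarting
# from them deserves a second look (legitimate per-user installs also match).
USER_WRITABLE = ("\\application data\\", "\\temp\\")

F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.I)
O4_RUN_RE = re.compile(r"^O4 - (\S+\\\.\.\\Run(?:Once)?): \[([^\]]*)\] (.*)$", re.I)
O4_STARTUP_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.*)$", re.I)
EXE_RE = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=\s|$)', re.I)


@dataclass
class Finding:
    source: str                      # which autostart point named the file
    path: str                        # lower-cased executable path
    reasons: list = field(default_factory=list)


def exe_path(command):
    """Strip quotes and arguments from a command line; return the path lower-cased."""
    command = command.strip()
    m = EXE_RE.match(command)
    return (m.group(1) or m.group(2)).lower() if m else command.lower()


def parse_autostarts(log_text):
    """Return (source, path) pairs for each F2 UserInit program and O4 entry."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = F2_RE.match(line)
        if m:
            # UserInit is a comma-separated list of programs Winlogon starts.
            for part in m.group(1).split(","):
                if part.strip():
                    entries.append(("F2 UserInit", exe_path(part)))
            continue
        m = O4_RUN_RE.match(line)
        if m:
            entries.append((f"O4 {m.group(1)} [{m.group(2)}]", exe_path(m.group(3))))
            continue
        m = O4_STARTUP_RE.match(line)
        if m:
            entries.append((f"O4 {m.group(1)} {m.group(2)}", exe_path(m.group(3))))
    return entries


def triage(log_text):
    """Flag autostart entries that warrant manual review, with the reasons."""
    entries = parse_autostarts(log_text)
    seen = Counter(path for _, path in entries)
    findings = []
    for source, path in entries:
        reasons = []
        if source == "F2 UserInit" and path != DEFAULT_USERINIT:
            reasons.append("extra program chained onto Winlogon UserInit")
        if any(marker in path for marker in USER_WRITABLE):
            reasons.append("runs from a per-user writable folder")
        if reasons and seen[path] > 1:
            reasons.append(f"same file registered at {seen[path]} autostart points")
        if reasons:
            findings.append(Finding(source, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.source}\n  {f.path}")
        for reason in f.reasons:
            print(f"  - {reason}")
```
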



## eddie5659 (Mar 19, 2001)

Hiya

MBAM is saying that it's Ramnit. Hopefully it's not the full infection, because if it is, in the majority of cases a format will be required. However, let's see if we can get rid of it first.

---------------------

Can you run the following tools, and copy/paste the logs that they produce here:

Download the latest version of TDSSKiller from *here* and save it to your Desktop.

Double-click on *TDSSKiller.exe* to run the application, then click on *Change parameters*.

Check the boxes beside *Verify Driver Digital Signature* and *Detect TDLFS file system*, then click OK.

Click the *Start Scan* button.

If a suspicious object is detected, the default action will be *Skip*, click on *Continue*.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure *Cure* is selected, then click *Continue* => *Reboot now* to finish the cleaning process.

Note: *If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.*

A report will be created in your root directory (usually the C:\ folder) in the form of *"TDSSKiller.[Version]_[Date]_[Time]_log.txt"*. Please copy and paste its contents in your next reply.

--------------------------

Download aswMBR.exe (511KB) to your desktop.

Double-click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.









-------------------------

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

*IMPORTANT !!! As you download it, rename it to username123.exe and save it to your Desktop*

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Click on *this link* to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double-click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

*Please note:* If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie


----------



## Kronos2401 (Mar 31, 2012)

Sorry eddie, the computer will not let me download TDSSKiller. Shall I download it from another computer and transfer it to this computer via a usb stick?


----------



## eddie5659 (Mar 19, 2001)

If you can, try it. It should be nice and small 

If not, just run aswmbr and combofix and post the logs, and we can go from there 

eddie


----------



## Kronos2401 (Mar 31, 2012)

21:30:42.0343 4872 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
21:30:43.0359 4872 ============================================================
21:30:43.0359 4872 Current date / time: 2012/04/13 21:30:43.0359
21:30:43.0359 4872 SystemInfo:
21:30:43.0359 4872 
21:30:43.0359 4872 OS Version: 5.1.2600 ServicePack: 3.0
21:30:43.0359 4872 Product type: Workstation
21:30:43.0359 4872 ComputerName: EQUIUM
21:30:43.0359 4872 UserName: Derek
21:30:43.0359 4872 Windows directory: C:\WINDOWS
21:30:43.0359 4872 System windows directory: C:\WINDOWS
21:30:43.0359 4872 Processor architecture: Intel x86
21:30:43.0359 4872 Number of processors: 2
21:30:43.0359 4872 Page size: 0x1000
21:30:43.0359 4872 Boot type: Normal boot
21:30:43.0359 4872 ============================================================
21:30:43.0765 4872 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:30:43.0765 4872 \Device\Harddisk0\DR0:
21:30:43.0765 4872 MBR used
21:30:43.0765 4872 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x6F7A800
21:30:43.0765 4872 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x7269000, BlocksNum 0x6D2B3B0
21:30:43.0906 4872 Initialize success
21:30:43.0906 4872 ============================================================
21:33:03.0203 0660 ============================================================
21:33:03.0203 0660 Scan started
21:33:03.0203 0660 Mode: Manual; SigCheck; TDLFS; 
21:33:03.0203 0660 ============================================================
21:33:03.0750 0660 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
21:33:03.0937 0660 !SASCORE - ok
21:33:04.0109 0660 Abiosdsk - ok
21:33:04.0125 0660 abp480n5 - ok
21:33:04.0156 0660 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:33:05.0968 0660 ACPI - ok
21:33:06.0093 0660 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:33:06.0265 0660 ACPIEC - ok
21:33:06.0390 0660 ACS (75265152c2a2d1cbd2df180d63081d01) C:\WINDOWS\system32\acs.exe
21:33:06.0468 0660 ACS ( UnsignedFile.Multi.Generic ) - warning
21:33:06.0468 0660 ACS - detected UnsignedFile.Multi.Generic (1)
21:33:06.0640 0660 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:33:06.0656 0660 AdobeFlashPlayerUpdateSvc - ok
21:33:06.0671 0660 adpu160m - ok
21:33:06.0750 0660 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:33:06.0890 0660 aec - ok
21:33:07.0015 0660 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:33:07.0062 0660 AFD - ok
21:33:07.0156 0660 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
21:33:07.0265 0660 AgereSoftModem - ok
21:33:07.0359 0660 Aha154x - ok
21:33:07.0375 0660 aic78u2 - ok
21:33:07.0390 0660 aic78xx - ok
21:33:07.0437 0660 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
21:33:07.0546 0660 Alerter - ok
21:33:07.0578 0660 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
21:33:07.0640 0660 ALG - ok
21:33:07.0656 0660 AliIde - ok
21:33:07.0671 0660 amsint - ok
21:33:07.0796 0660 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:33:07.0812 0660 Apple Mobile Device - ok
21:33:07.0937 0660 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
21:33:08.0031 0660 AppMgmt - ok
21:33:08.0109 0660 AR5416 (864a4047208c02e5b3b2d907c920597d) C:\WINDOWS\system32\DRIVERS\athw.sys
21:33:08.0218 0660 AR5416 - ok
21:33:08.0328 0660 asc - ok
21:33:08.0343 0660 asc3350p - ok
21:33:08.0359 0660 asc3550 - ok
21:33:08.0453 0660 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:33:08.0468 0660 aspnet_state - ok
21:33:08.0593 0660 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:33:08.0734 0660 AsyncMac - ok
21:33:08.0796 0660 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:33:08.0953 0660 atapi - ok
21:33:09.0031 0660 Atdisk - ok
21:33:09.0078 0660 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:33:09.0203 0660 Atmarpc - ok
21:33:09.0250 0660 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
21:33:09.0390 0660 AudioSrv - ok
21:33:09.0468 0660 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:33:09.0609 0660 audstub - ok
21:33:09.0656 0660 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:33:09.0781 0660 Beep - ok
21:33:09.0843 0660 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
21:33:10.0000 0660 BITS - ok
21:33:10.0109 0660 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
21:33:10.0234 0660 Browser - ok
21:33:10.0281 0660 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:33:10.0421 0660 cbidf2k - ok
21:33:10.0531 0660 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:33:10.0656 0660 CCDECODE - ok
21:33:10.0687 0660 cd20xrnt - ok
21:33:10.0703 0660 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:33:10.0828 0660 Cdaudio - ok
21:33:10.0968 0660 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:33:11.0093 0660 Cdfs - ok
21:33:11.0109 0660 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:33:11.0234 0660 Cdrom - ok
21:33:11.0234 0660 Changer - ok
21:33:11.0265 0660 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
21:33:11.0375 0660 CiSvc - ok
21:33:11.0515 0660 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
21:33:11.0640 0660 ClipSrv - ok
21:33:11.0718 0660 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:33:11.0734 0660 clr_optimization_v2.0.50727_32 - ok
21:33:11.0828 0660 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:33:11.0843 0660 clr_optimization_v4.0.30319_32 - ok
21:33:11.0937 0660 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:33:12.0062 0660 CmBatt - ok
21:33:12.0125 0660 CmdIde - ok
21:33:12.0171 0660 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:33:12.0296 0660 Compbatt - ok
21:33:12.0312 0660 COMSysApp - ok
21:33:12.0343 0660 Cpqarray - ok
21:33:12.0390 0660 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
21:33:12.0531 0660 CryptSvc - ok
21:33:12.0625 0660 d347bus (5776322f93cdb91086111f5ffbfda2a0) C:\WINDOWS\system32\DRIVERS\d347bus.sys
21:33:12.0640 0660 d347bus ( UnsignedFile.Multi.Generic ) - warning
21:33:12.0640 0660 d347bus - detected UnsignedFile.Multi.Generic (1)
21:33:12.0687 0660 d347prt (b49f79ace459763f4e0380071be9cb45) C:\WINDOWS\system32\Drivers\d347prt.sys
21:33:12.0703 0660 d347prt ( UnsignedFile.Multi.Generic ) - warning
21:33:12.0703 0660 d347prt - detected UnsignedFile.Multi.Generic (1)
21:33:12.0703 0660 dac2w2k - ok
21:33:12.0718 0660 dac960nt - ok
21:33:12.0781 0660 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:33:12.0859 0660 DcomLaunch - ok
21:33:13.0015 0660 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
21:33:13.0125 0660 Dhcp - ok
21:33:13.0171 0660 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:33:13.0296 0660 Disk - ok
21:33:13.0375 0660 dmadmin - ok
21:33:13.0437 0660 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:33:13.0609 0660 dmboot - ok
21:33:13.0656 0660 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:33:13.0796 0660 dmio - ok
21:33:13.0906 0660 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:33:14.0031 0660 dmload - ok
21:33:14.0078 0660 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
21:33:14.0203 0660 dmserver - ok
21:33:14.0281 0660 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:33:14.0406 0660 DMusic - ok
21:33:14.0515 0660 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
21:33:14.0562 0660 Dnscache - ok
21:33:14.0609 0660 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
21:33:14.0734 0660 Dot3svc - ok
21:33:14.0843 0660 dpti2o - ok
21:33:14.0890 0660 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:33:15.0000 0660 drmkaud - ok
21:33:15.0062 0660 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
21:33:15.0171 0660 EapHost - ok
21:33:15.0203 0660 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
21:33:15.0328 0660 ERSvc - ok
21:33:15.0437 0660 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:33:15.0468 0660 Eventlog - ok
21:33:15.0515 0660 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
21:33:15.0562 0660 EventSystem - ok
21:33:15.0687 0660 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:33:15.0812 0660 Fastfat - ok
21:33:15.0875 0660 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:33:15.0937 0660 FastUserSwitchingCompatibility - ok
21:33:16.0046 0660 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:33:16.0156 0660 Fdc - ok
21:33:16.0203 0660 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:33:16.0328 0660 Fips - ok
21:33:16.0343 0660 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:33:16.0468 0660 Flpydisk - ok
21:33:16.0546 0660 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:33:16.0656 0660 FltMgr - ok
21:33:16.0750 0660 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:33:16.0765 0660 FontCache3.0.0.0 - ok
21:33:16.0921 0660 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:33:17.0046 0660 Fs_Rec - ok
21:33:17.0109 0660 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:33:17.0234 0660 Ftdisk - ok
21:33:17.0281 0660 FwLnk (4d52c52101492c450518124c592d8925) C:\WINDOWS\system32\DRIVERS\FwLnk.sys
21:33:17.0312 0660 FwLnk - ok
21:33:17.0359 0660 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:33:17.0359 0660 GEARAspiWDM - ok
21:33:17.0437 0660 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:33:17.0578 0660 Gpc - ok
21:33:17.0687 0660 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:33:17.0703 0660 gupdate - ok
21:33:17.0718 0660 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:33:17.0718 0660 gupdatem - ok
21:33:17.0859 0660 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:33:18.0031 0660 HDAudBus - ok
21:33:18.0062 0660 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:33:18.0187 0660 helpsvc - ok
21:33:18.0281 0660 HidServ - ok
21:33:18.0359 0660 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:33:18.0484 0660 HidUsb - ok
21:33:18.0515 0660 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
21:33:18.0640 0660 hkmsvc - ok
21:33:18.0734 0660 hpn - ok
21:33:18.0875 0660 hpqcxs08 (ed377b3c83fdea8d906109a085d219ba) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
21:33:18.0906 0660 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
21:33:18.0906 0660 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
21:33:18.0953 0660 hpqddsvc (ee4c7a4cf2316701ffde90f404520265) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
21:33:18.0953 0660 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
21:33:18.0968 0660 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
21:33:19.0093 0660 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:33:19.0265 0660 HPZid412 - ok
21:33:19.0390 0660 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:33:19.0437 0660 HPZipr12 - ok
21:33:19.0453 0660 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:33:19.0500 0660 HPZius12 - ok
21:33:19.0625 0660 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:33:19.0656 0660 HTTP - ok
21:33:19.0703 0660 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
21:33:19.0812 0660 HTTPFilter - ok
21:33:19.0828 0660 i2omgmt - ok
21:33:19.0828 0660 i2omp - ok
21:33:19.0875 0660 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:33:20.0000 0660 i8042prt - ok
21:33:20.0296 0660 ialm (612194abc69a6db0e2c49e1544ca93a0) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:33:20.0640 0660 ialm - ok
21:33:20.0781 0660 iaStor (d483687eace0c065ee772481a96e05f5) C:\WINDOWS\system32\DRIVERS\iaStor.sys
21:33:20.0812 0660 iaStor - ok
21:33:20.0921 0660 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:33:20.0968 0660 idsvc - ok
21:33:21.0109 0660 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:33:21.0234 0660 Imapi - ok
21:33:21.0250 0660 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
21:33:21.0375 0660 ImapiService - ok
21:33:21.0468 0660 InCDFs - ok
21:33:21.0468 0660 InCDPass - ok
21:33:21.0484 0660 InCDRm - ok
21:33:21.0500 0660 ini910u - ok
21:33:21.0687 0660 IntcAzAudAddService (f7f3328544e1ac2e97caea9b39d9b9de) C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:33:21.0906 0660 IntcAzAudAddService - ok
21:33:22.0031 0660 IntelIde - ok
21:33:22.0078 0660 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:33:22.0203 0660 intelppm - ok
21:33:22.0234 0660 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:33:22.0359 0660 Ip6Fw - ok
21:33:22.0484 0660 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:33:22.0609 0660 IpFilterDriver - ok
21:33:22.0640 0660 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:33:22.0765 0660 IpInIp - ok
21:33:22.0796 0660 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:33:22.0937 0660 IpNat - ok
21:33:23.0046 0660 iPod Service (e51bd095b2fdf56b17ee010bb794d6ed) C:\Program Files\iPod\bin\iPodService.exe
21:33:23.0093 0660 iPod Service - ok
21:33:23.0234 0660 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:33:23.0359 0660 IPSec - ok
21:33:23.0390 0660 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:33:23.0453 0660 IRENUM - ok
21:33:23.0578 0660 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:33:23.0703 0660 isapnp - ok
21:33:23.0718 0660 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:33:23.0843 0660 Kbdclass - ok
21:33:24.0140 0660 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:33:24.0296 0660 kmixer - ok
21:33:24.0375 0660 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:33:24.0421 0660 KSecDD - ok
21:33:24.0500 0660 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
21:33:24.0531 0660 LanmanServer - ok
21:33:24.0593 0660 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
21:33:24.0656 0660 lanmanworkstation - ok
21:33:24.0718 0660 lbrtfdc - ok
21:33:24.0781 0660 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
21:33:24.0906 0660 LmHosts - ok
21:33:24.0953 0660 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
21:33:25.0093 0660 Messenger - ok
21:33:25.0187 0660 Micorsoft Windows Service - ok
21:33:25.0265 0660 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:33:25.0390 0660 mnmdd - ok
21:33:25.0453 0660 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
21:33:25.0578 0660 mnmsrvc - ok
21:33:25.0625 0660 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:33:25.0750 0660 Modem - ok
21:33:25.0843 0660 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:33:25.0984 0660 Mouclass - ok
21:33:26.0046 0660 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:33:26.0171 0660 mouhid - ok
21:33:26.0234 0660 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:33:26.0343 0660 MountMgr - ok
21:33:26.0390 0660 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
21:33:26.0406 0660 MpFilter - ok
21:33:26.0453 0660 mraid35x - ok
21:33:26.0468 0660 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:33:26.0593 0660 MRxDAV - ok
21:33:26.0671 0660 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:33:26.0734 0660 MRxSmb - ok
21:33:26.0781 0660 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
21:33:26.0921 0660 MSDTC - ok
21:33:27.0015 0660 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:33:27.0140 0660 Msfs - ok
21:33:27.0156 0660 MSIServer - ok
21:33:27.0203 0660 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:33:27.0328 0660 MSKSSRV - ok
21:33:27.0437 0660 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
21:33:27.0453 0660 MsMpSvc - ok
21:33:27.0562 0660 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:33:27.0687 0660 MSPCLOCK - ok
21:33:27.0734 0660 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:33:27.0875 0660 MSPQM - ok
21:33:27.0968 0660 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:33:28.0093 0660 mssmbios - ok
21:33:28.0140 0660 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:33:28.0281 0660 MSTEE - ok
21:33:28.0390 0660 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:33:28.0406 0660 Mup - ok
21:33:28.0500 0660 MyBusinessWorksbackup (47ea6a0a6ef128ce46425689a153a0dc) C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe
21:33:28.0500 0660 MyBusinessWorksbackup - ok
21:33:28.0625 0660 MyBusinessWorksFilter (b8e08bfcab2be31804cea983d2094faf) C:\WINDOWS\system32\DRIVERS\MyBusinessWorks.sys
21:33:28.0640 0660 MyBusinessWorksFilter - ok
21:33:28.0671 0660 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:33:28.0796 0660 NABTSFEC - ok
21:33:28.0859 0660 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
21:33:29.0000 0660 napagent - ok
21:33:29.0140 0660 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:33:29.0265 0660 NDIS - ok
21:33:29.0312 0660 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:33:29.0437 0660 NdisIP - ok
21:33:29.0562 0660 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:33:29.0609 0660 NdisTapi - ok
21:33:29.0640 0660 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:33:29.0765 0660 Ndisuio - ok
21:33:29.0921 0660 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:33:30.0046 0660 NdisWan - ok
21:33:30.0093 0660 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:33:30.0109 0660 NDProxy - ok
21:33:30.0250 0660 Net Driver HPZ12 (949941e4de88df1faf49a4b3cffb756f) C:\WINDOWS\system32\HPZinw12.dll
21:33:30.0265 0660 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:33:30.0265 0660 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:33:30.0328 0660 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:33:30.0453 0660 NetBIOS - ok
21:33:30.0546 0660 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:33:30.0671 0660 NetBT - ok
21:33:30.0703 0660 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:33:30.0812 0660 NetDDE - ok
21:33:30.0828 0660 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:33:30.0953 0660 NetDDEdsdm - ok
21:33:30.0984 0660 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:33:31.0093 0660 Netlogon - ok
21:33:31.0203 0660 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
21:33:31.0328 0660 Netman - ok
21:33:31.0406 0660 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:33:31.0421 0660 NetTcpPortSharing - ok
21:33:31.0546 0660 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
21:33:31.0578 0660 Nla - ok
21:33:31.0640 0660 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:33:31.0765 0660 Npfs - ok
21:33:31.0890 0660 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:33:32.0031 0660 Ntfs - ok
21:33:32.0062 0660 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:33:32.0187 0660 NtLmSsp - ok
21:33:32.0218 0660 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
21:33:32.0359 0660 NtmsSvc - ok
21:33:32.0468 0660 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:33:32.0609 0660 Null - ok
21:33:32.0640 0660 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:33:32.0765 0660 NwlnkFlt - ok
21:33:32.0781 0660 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:33:32.0906 0660 NwlnkFwd - ok
21:33:33.0031 0660 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
21:33:33.0156 0660 Parport - ok
21:33:33.0187 0660 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:33:33.0312 0660 PartMgr - ok
21:33:33.0421 0660 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:33:33.0562 0660 ParVdm - ok
21:33:33.0609 0660 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:33:33.0734 0660 PCI - ok
21:33:33.0859 0660 PCIDump - ok
21:33:33.0859 0660 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:33:34.0000 0660 PCIIde - ok
21:33:34.0031 0660 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:33:34.0156 0660 Pcmcia - ok
21:33:34.0156 0660 PDCOMP - ok
21:33:34.0171 0660 PDFRAME - ok
21:33:34.0187 0660 PDRELI - ok
21:33:34.0203 0660 PDRFRAME - ok
21:33:34.0203 0660 perc2 - ok
21:33:34.0218 0660 perc2hib - ok
21:33:34.0296 0660 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:33:34.0312 0660 PlugPlay - ok
21:33:34.0453 0660 Pml Driver HPZ12 (2f4ca141a609caf5c98f6e4760ef1b9b) C:\WINDOWS\system32\HPZipm12.dll
21:33:34.0453 0660 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:33:34.0453 0660 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:33:34.0515 0660 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:33:34.0609 0660 PolicyAgent - ok
21:33:34.0671 0660 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:33:34.0796 0660 PptpMiniport - ok
21:33:34.0921 0660 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:33:35.0031 0660 ProtectedStorage - ok
21:33:35.0062 0660 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:33:35.0187 0660 PSched - ok
21:33:35.0250 0660 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:33:35.0375 0660 Ptilink - ok
21:33:35.0468 0660 ql1080 - ok
21:33:35.0484 0660 Ql10wnt - ok
21:33:35.0484 0660 ql12160 - ok
21:33:35.0500 0660 ql1240 - ok
21:33:35.0515 0660 ql1280 - ok
21:33:35.0531 0660 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:33:35.0656 0660 RasAcd - ok
21:33:35.0687 0660 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
21:33:35.0828 0660 RasAuto - ok
21:33:35.0859 0660 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:33:35.0984 0660 Rasl2tp - ok
21:33:36.0109 0660 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
21:33:36.0234 0660 RasMan - ok
21:33:36.0250 0660 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:33:36.0375 0660 RasPppoe - ok
21:33:36.0437 0660 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:33:36.0562 0660 Raspti - ok
21:33:36.0687 0660 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:33:36.0812 0660 Rdbss - ok
21:33:36.0875 0660 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:33:37.0000 0660 RDPCDD - ok
21:33:37.0140 0660 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:33:37.0265 0660 rdpdr - ok
21:33:37.0328 0660 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:33:37.0375 0660 RDPWD - ok
21:33:37.0500 0660 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
21:33:37.0625 0660 RDSessMgr - ok
21:33:37.0671 0660 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:33:37.0812 0660 redbook - ok
21:33:37.0937 0660 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
21:33:38.0078 0660 RemoteAccess - ok
21:33:38.0140 0660 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
21:33:38.0265 0660 RemoteRegistry - ok
21:33:38.0296 0660 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
21:33:38.0406 0660 RpcLocator - ok
21:33:38.0546 0660 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:33:38.0609 0660 RpcSs - ok
21:33:38.0656 0660 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
21:33:38.0781 0660 RSVP - ok
21:33:38.0953 0660 RTLE8023xp (c6d34a1874cd2b212dc3e788091c64b4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
21:33:38.0968 0660 RTLE8023xp - ok
21:33:39.0015 0660 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:33:39.0140 0660 SamSs - ok
21:33:39.0234 0660 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:33:39.0250 0660 SASDIFSV - ok
21:33:39.0250 0660 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:33:39.0265 0660 SASKUTIL - ok
21:33:39.0390 0660 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
21:33:39.0531 0660 SCardSvr - ok
21:33:39.0578 0660 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
21:33:39.0703 0660 Schedule - ok
21:33:39.0843 0660 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:33:39.0890 0660 Secdrv - ok
21:33:39.0906 0660 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
21:33:40.0031 0660 seclogon - ok
21:33:40.0093 0660 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
21:33:40.0218 0660 SENS - ok
21:33:40.0343 0660 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
21:33:40.0453 0660 Serial - ok
21:33:40.0515 0660 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:33:40.0656 0660 Sfloppy - ok
21:33:40.0750 0660 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
21:33:40.0921 0660 SharedAccess - ok
21:33:40.0984 0660 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:33:41.0015 0660 ShellHWDetection - ok
21:33:41.0093 0660 Simbad - ok
21:33:41.0140 0660 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:33:41.0265 0660 SLIP - ok
21:33:41.0296 0660 Sparrow - ok
21:33:41.0328 0660 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:33:41.0437 0660 splitter - ok
21:33:41.0484 0660 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:33:41.0500 0660 Spooler - ok
21:33:41.0625 0660 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:33:41.0687 0660 sr - ok
21:33:41.0734 0660 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
21:33:41.0796 0660 srservice - ok
21:33:41.0921 0660 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:33:42.0000 0660 Srv - ok
21:33:42.0062 0660 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
21:33:42.0109 0660 SSDPSRV - ok
21:33:42.0234 0660 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
21:33:42.0359 0660 stisvc - ok
21:33:42.0437 0660 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:33:42.0578 0660 streamip - ok
21:33:42.0671 0660 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:33:42.0796 0660 swenum - ok
21:33:42.0937 0660 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:33:43.0062 0660 swmidi - ok
21:33:43.0109 0660 symc810 - ok
21:33:43.0125 0660 symc8xx - ok
21:33:43.0140 0660 sym_hi - ok
21:33:43.0140 0660 sym_u3 - ok
21:33:43.0203 0660 SynTP (cfb41bf11ae95c26133bae3ec2e334bd) C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:33:43.0250 0660 SynTP - ok
21:33:43.0375 0660 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:33:43.0484 0660 sysaudio - ok
21:33:43.0546 0660 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
21:33:43.0671 0660 SysmonLog - ok
21:33:43.0703 0660 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
21:33:43.0812 0660 TapiSrv - ok
21:33:43.0921 0660 TAPPSRV (3f061f306edfcfed162f820991d4ce87) C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
21:33:43.0937 0660 TAPPSRV ( UnsignedFile.Multi.Generic ) - warning
21:33:43.0937 0660 TAPPSRV - detected UnsignedFile.Multi.Generic (1)
21:33:44.0062 0660 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:33:44.0109 0660 Tcpip - ok
21:33:44.0203 0660 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:33:44.0312 0660 TDPIPE - ok
21:33:44.0390 0660 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:33:44.0515 0660 TDTCP - ok
21:33:44.0578 0660 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:33:44.0703 0660 TermDD - ok
21:33:44.0750 0660 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
21:33:44.0875 0660 TermService - ok
21:33:44.0968 0660 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:33:44.0984 0660 Themes - ok
21:33:45.0046 0660 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
21:33:45.0093 0660 TlntSvr - ok
21:33:45.0125 0660 TosIde - ok
21:33:45.0203 0660 Tosrfcom - ok
21:33:45.0218 0660 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
21:33:45.0343 0660 TrkWks - ok
21:33:45.0406 0660 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:33:45.0531 0660 Udfs - ok
21:33:45.0609 0660 ultra - ok
21:33:45.0671 0660 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:33:45.0796 0660 Update - ok
21:33:45.0875 0660 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
21:33:45.0937 0660 upnphost - ok
21:33:45.0984 0660 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
21:33:46.0109 0660 UPS - ok
21:33:46.0187 0660 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:33:46.0234 0660 USBAAPL - ok
21:33:46.0312 0660 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:33:46.0437 0660 usbccgp - ok
21:33:46.0500 0660 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:33:46.0625 0660 usbehci - ok
21:33:46.0656 0660 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:33:46.0765 0660 usbhub - ok
21:33:46.0859 0660 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:33:46.0984 0660 usbprint - ok
21:33:47.0078 0660 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:33:47.0203 0660 usbscan - ok
21:33:47.0296 0660 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:33:47.0421 0660 USBSTOR - ok
21:33:47.0484 0660 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:33:47.0593 0660 usbuhci - ok
21:33:47.0640 0660 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:33:47.0765 0660 usbvideo - ok
21:33:47.0875 0660 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:33:48.0031 0660 VgaSave - ok
21:33:48.0062 0660 ViaIde - ok
21:33:48.0078 0660 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:33:48.0218 0660 VolSnap - ok
21:33:48.0312 0660 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:33:48.0406 0660 VSS - ok
21:33:48.0453 0660 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
21:33:48.0578 0660 W32Time - ok
21:33:48.0687 0660 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:33:48.0812 0660 Wanarp - ok
21:33:48.0828 0660 WDICA - ok
21:33:48.0875 0660 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:33:49.0000 0660 wdmaud - ok
21:33:49.0062 0660 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:33:49.0187 0660 WebClient - ok
21:33:49.0250 0660 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:33:49.0375 0660 winmgmt - ok
21:33:49.0484 0660 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
21:33:49.0593 0660 WinRM - ok
21:33:49.0671 0660 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\mspmsnsv.dll
21:33:49.0718 0660 WmdmPmSN - ok
21:33:49.0781 0660 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
21:33:49.0828 0660 Wmi - ok
21:33:50.0015 0660 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:33:50.0140 0660 WmiApSrv - ok
21:33:50.0562 0660 WMPNetworkSvc (7fd853142dd3af7d7e2ac06e5b708e48) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:33:50.0921 0660 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - warning
21:33:50.0921 0660 WMPNetworkSvc - detected UnsignedFile.Multi.Generic (1)
21:33:51.0250 0660 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:33:51.0265 0660 WpdUsb - ok
21:33:51.0375 0660 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:33:51.0421 0660 WPFFontCache_v0400 - ok
21:33:51.0546 0660 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:33:51.0671 0660 WS2IFSL - ok
21:33:51.0750 0660 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
21:33:51.0875 0660 wscsvc - ok
21:33:51.0921 0660 WSearch - ok
21:33:51.0984 0660 WSIMD (0091d78c5f8fde0cdf2b214823de6e48) C:\WINDOWS\system32\DRIVERS\wsimd.sys
21:33:52.0031 0660 WSIMD - ok
21:33:52.0093 0660 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:33:52.0218 0660 WSTCODEC - ok
21:33:52.0296 0660 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
21:33:52.0421 0660 wuauserv - ok
21:33:52.0500 0660 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:33:52.0546 0660 WudfPf - ok
21:33:52.0687 0660 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:33:52.0718 0660 WudfRd - ok
21:33:52.0734 0660 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:33:52.0750 0660 WudfSvc - ok
21:33:52.0843 0660 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:33:53.0015 0660 WZCSVC - ok
21:33:53.0062 0660 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:33:53.0187 0660 xmlprov - ok
21:33:53.0234 0660 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:33:54.0375 0660 \Device\Harddisk0\DR0 - ok
21:33:54.0406 0660 Boot (0x1200) (fa3e5af64ccef5215ecc575c86f26124) \Device\Harddisk0\DR0\Partition0
21:33:54.0406 0660 \Device\Harddisk0\DR0\Partition0 - ok
21:33:54.0437 0660 Boot (0x1200) (847f920c0d5a20f363b92e38ebce9905) \Device\Harddisk0\DR0\Partition1
21:33:54.0437 0660 \Device\Harddisk0\DR0\Partition1 - ok
21:33:54.0437 0660 ============================================================
21:33:54.0437 0660 Scan finished
21:33:54.0437 0660 ============================================================
21:33:54.0546 5584 Detected object count: 9
21:33:54.0546 5584 Actual detected object count: 9
21:36:36.0359 5584 ACS ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:36.0359 5584 ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:36:36.0359 5584 d347bus ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:36.0359 5584 d347bus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:36:36.0359 5584 d347prt ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:36.0359 5584 d347prt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:36:36.0359 5584 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:36.0359 5584 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:36:36.0359 5584 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:36.0359 5584 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:36:36.0375 5584 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:36.0375 5584 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:36:36.0375 5584 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:36.0375 5584 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:36:36.0375 5584 TAPPSRV ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:36.0375 5584 TAPPSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:36:36.0375 5584 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:36.0375 5584 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:38:15.0890 4856 Deinitialize success


----------



## Kronos2401 (Mar 31, 2012)

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-13 21:42:47
-----------------------------
21:42:47.078 OS Version: Windows 5.1.2600 Service Pack 3
21:42:47.078 Number of processors: 2 586 0xF0D
21:42:47.078 ComputerName: EQUIUM UserName: Derek
21:42:47.359 Initialize success
21:50:39.765 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:50:39.765 Disk 0 Vendor: TOSHIBA_ LB21 Size: 114473MB BusType: 3
21:50:39.812 Disk 0 MBR read successfully
21:50:39.812 Disk 0 MBR scan
21:50:39.812 Disk 0 Windows XP default MBR code
21:50:39.828 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
21:50:39.828 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 57077 MB offset 3074048
21:50:39.859 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 55894 MB offset 119967744
21:50:39.859 Disk 0 scanning sectors +234439600
21:50:39.953 Disk 0 scanning C:\WINDOWS\system32\drivers
21:50:44.875 Service scanning
21:50:59.781 Modules scanning
21:51:06.250 Disk 0 trace - called modules:
21:51:06.281 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
21:51:06.296 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a58cab8]
21:51:06.296 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a583028]
21:51:06.296 Scan finished successfully
21:51:39.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Derek\Desktop\MBR.dat"
21:51:39.281 The log file has been saved successfully to "C:\Documents and Settings\Derek\Desktop\aswMBR.txt"


----------



## Kronos2401 (Mar 31, 2012)

ComboFix 12-04-12.03 - Derek 13/04/2012 22:15:19.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1513 [GMT 1:00]
Running from: c:\documents and settings\Derek\Desktop\username123.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Derek\Local Settings\Application Data\avqfnftv.log
c:\documents and settings\Derek\Local Settings\Application Data\bvgulmwm.log
c:\documents and settings\Derek\Local Settings\Application Data\eoemwbgq.log
c:\documents and settings\Derek\Local Settings\Application Data\lxkvoxxm.log
c:\documents and settings\Derek\Local Settings\Application Data\nqbpxwcp.log
c:\documents and settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe
c:\documents and settings\Derek\Local Settings\Application Data\rftfdgcn.log
c:\documents and settings\Derek\Local Settings\Application Data\uimqgfvs.log
c:\documents and settings\Derek\Local Settings\Application Data\yfjruipv.log
c:\documents and settings\LocalService\Local Settings\Application Data\avqfnftv.log
c:\documents and settings\LocalService\Local Settings\Application Data\bvgulmwm.log
c:\documents and settings\LocalService\Local Settings\Application Data\eoemwbgq.log
c:\documents and settings\LocalService\Local Settings\Application Data\lxkvoxxm.log
c:\documents and settings\LocalService\Local Settings\Application Data\nqbpxwcp.log
c:\documents and settings\LocalService\Local Settings\Application Data\rftfdgcn.log
c:\windows\daemon.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MICORSOFT_WINDOWS_SERVICE
-------\Service_Micorsoft Windows Service
.
.
((((((((((((((((((((((((( Files Created from 2012-03-13 to 2012-04-13 )))))))))))))))))))))))))))))))
.
.
2012-04-13 21:23 . 2012-04-13 21:23 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\pxrnjgxj
2012-04-06 18:44 . 2012-04-06 18:44 -------- d-----w- c:\documents and settings\Derek\Application Data\SUPERAntiSpyware.com
2012-04-06 18:43 . 2012-04-08 14:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-06 18:43 . 2012-04-06 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-04-06 18:40 . 2012-04-08 14:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-06 18:40 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 21:21 . 2012-03-31 21:21 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-18 11:39 . 2012-03-18 11:39 388096 ----a-r- c:\documents and settings\Derek\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-18 11:39 . 2012-03-18 11:39 -------- d-----w- c:\program files\Trend Micro
2012-03-16 23:28 . 2012-03-18 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-31 21:21 . 2012-01-24 16:50 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-05-02 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MyBusinessWorks]
@="{7e9e0c26-7e0a-12f7-a876-e1678917ad8d}"
[HKEY_CLASSES_ROOT\CLSID\{7e9e0c26-7e0a-12f7-a876-e1678917ad8d}]
2011-03-29 06:17 3424064 ----a-w- c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MyBusinessWorks2]
@="{5d606e62-8440-1151-0d25-e99829da7470}"
[HKEY_CLASSES_ROOT\CLSID\{5d606e62-8440-1151-0d25-e99829da7470}]
2011-03-29 06:17 3424064 ----a-w- c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MyBusinessWorks3]
@="{e19471c0-bfb1-d9a0-9377-161e1a848d0e}"
[HKEY_CLASSES_ROOT\CLSID\{e19471c0-bfb1-d9a0-9377-161e1a848d0e}]
2011-03-29 06:17 3424064 ----a-w- c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1441792]
"ACU"="c:\program files\Atheros\ACU.exe" [2009-03-06 479320]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2008-03-04 360448]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MozyPro Status.lnk - c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe [2011-3-29 3571520]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 404992]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\documents and settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
 SafeBoot registry key needs repairs. This machine cannot enter Safe Mode. 
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 18:43 69632 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 05:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 16:05 184320 ----a-w- c:\program files\Daemon Virtual Drive\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-05 11:34 162328 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-03-25 20:27 147456 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-05 11:34 141848 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 00:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-05 11:34 137752 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 524288 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-01-29 15:47 16859648 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management 
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [07/05/2011 13:38 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [07/05/2011 13:38 5248]
R1 MyBusinessWorksFilter;MyBusinessWorksFilter;c:\windows\system32\drivers\MyBusinessWorks.sys [14/05/2011 15:00 54776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]
R2 MyBusinessWorksbackup;MozyPro Backup Service;c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe [29/03/2011 07:17 46912]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [03/05/2011 22:42 5888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/05/2011 14:01 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [31/03/2012 22:21 253600]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15/05/2011 14:01 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14/04/2008 06:42 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 21:21]
.
2012-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-15 13:01]
.
2012-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-15 13:01]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/logi...ap2e6CwWSb86QVdqk-&.done=http://uk.yahoo.com/
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKCU-Run-XejAtgha - c:\documents and settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe
HKLM-Run-NWEReboot - (no file)
HKU-Default-Run-XejAtgha - c:\documents and settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
MSConfigStartUp-XejAtgha - c:\documents and settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-13 22:24
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwQueryDirectoryFile
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
.
c:\documents and settings\Derek\Start Menu\Programs\Startup\xejatgha.exe 98224 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2512)
c:\windows\system32\WININET.dll
c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksshell.dll
c:\program files\MozyPro (Corporate Edition)\LIBEAY32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\System32\vssvc.exe
.
**************************************************************************
.
Completion time: 2012-04-13 22:27:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-13 21:27
.
Pre-Run: 15,746,654,208 bytes free
Post-Run: 29,838,999,552 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 7F89E1BA9192A6F9F65D3841CD6DDE31


----------



## Kronos2401 (Mar 31, 2012)

Eddie, just so you know, I had to uninstall Microsoft Security Essentials to run ComboFix.


----------



## eddie5659 (Mar 19, 2001)

Not sure why you would have to uninstall it; normally disabling it works.

---

Please download *GMER* *(only for use on 32-bit operating systems)* from: http://gmer.net/index.php

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

*Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.*

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are *unchecked* on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the *Scan* button and when the scan is finished, click *Save* and save the log in Notepad with the name ark.txt to your desktop.

*Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze.*

*If you have a 64-bit computer, do not download or run GMER, as it is not designed to work on a 64-bit system (no currently available rootkit scanner is), so it will not give any useful information.*

------------

Also, can you run this:

Download *OTL* to your Desktop


Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

Select *All Users*

Please copy the text in the code box below and paste it in the *Custom Scans/Fixes* box in OTL:


```
netsvcs
activex
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.
%windir%\system32\tasks\*.*
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT
```

Click the *Quick Scan* button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.

Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post them in your topic.


----------



## Kronos2401 (Mar 31, 2012)

ark.txt file below.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-19 21:00:58
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LB21
Running: wgi92tgj.exe; Driver: C:\DOCUME~1\Derek\LOCALS~1\Temp\pgtdapod.sys

---- System - GMER 1.0.15 ----
SSDT \??\C:\DOCUME~1\Derek\LOCALS~1\Temp\fshhtddm.sys ZwCreateKey [0xBA44A6AC]
SSDT \??\C:\DOCUME~1\Derek\LOCALS~1\Temp\fshhtddm.sys ZwOpenKey [0xBA44A562]
---- Kernel code sections - GMER 1.0.15 ----
? C:\DOCUME~1\Derek\LOCALS~1\Temp\fshhtddm.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Documents and Settings\Derek\Desktop\wgi92tgj.exe[300] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20026B77 
.text C:\Documents and Settings\Derek\Desktop\wgi92tgj.exe[300] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A453 
.text C:\Documents and Settings\Derek\Desktop\wgi92tgj.exe[300] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200269F3 
.text C:\Documents and Settings\Derek\Desktop\wgi92tgj.exe[300] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200212FC 
? C:\WINDOWS\Explorer.EXE[336] time/date stamp mismatch; unknown module: WINMM.dllunknown module: SETUPAPI.dllunknown module: WINSTA.dllunknown module: OLEACC.dllunknown module: BROWSEUI.dllunknown module: OLEAUT32.dllunknown module: SHDOCVW.dllunknown module: UxTheme.dll
.text C:\WINDOWS\Explorer.EXE[336] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\Explorer.EXE[336] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\Explorer.EXE[336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\Explorer.EXE[336] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\Explorer.EXE[336] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20193A5B 
.text C:\WINDOWS\Explorer.EXE[336] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 201936E6 
.text C:\WINDOWS\Explorer.EXE[336] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2019373C 
.text C:\WINDOWS\Explorer.EXE[336] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20193B16 
.text C:\WINDOWS\Explorer.EXE[336] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20192F7D 
.text C:\WINDOWS\Explorer.EXE[336] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20193B43 
.text C:\WINDOWS\Explorer.EXE[336] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20192F48 
.text C:\WINDOWS\Explorer.EXE[336] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20193B70 
.text C:\WINDOWS\Explorer.EXE[336] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20193940 
.text C:\WINDOWS\Explorer.EXE[336] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20193899 
.text C:\WINDOWS\Explorer.EXE[336] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20192FAF 
.text C:\WINDOWS\Explorer.EXE[336] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20193B97 
.text C:\WINDOWS\Explorer.EXE[336] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20192F02 
.text C:\WINDOWS\Explorer.EXE[336] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20192EBC 
.text C:\WINDOWS\Explorer.EXE[336] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\Explorer.EXE[336] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\Explorer.EXE[336] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\Explorer.EXE[336] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\Explorer.EXE[336] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\Explorer.EXE[336] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\Explorer.EXE[336] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\Explorer.EXE[336] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\Explorer.EXE[336] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
.text C:\WINDOWS\system32\svchost.exe[360] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 201C1610 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 201C68E0 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 201C6860 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 201C68A0 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 201C6050 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 201C6110 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 201C5FF0 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 201C7DF0 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!RegisterClassExW  7E41AF7F 5 Bytes JMP 201C7EB0 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!OpenInputDesktop 7E41ECA3 5 Bytes JMP 201C7A80 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!SwitchDesktop 7E41FE6E 5 Bytes JMP 201C7B00 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!DefDlgProcW 7E423D3A 5 Bytes JMP 201C7BA0 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 201C60B0 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!RegisterClassExA 7E427C39 5 Bytes JMP 201C7F10 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!DefWindowProcW 7E428D20 5 Bytes JMP 201C7B20 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!BeginPaint 7E428FE9 5 Bytes JMP 201C6750 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!EndPaint 7E428FFD 5 Bytes JMP 201C67C0 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 201C5DA0 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!GetMessagePos 7E42996C 5 Bytes JMP 201C5D70 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!CallWindowProcW 7E42A01E 5 Bytes JMP 201C7D20 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 201C6170 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!GetUpdateRect 7E42A8C9 5 Bytes JMP 201C6920 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!CallWindowProcA 7E42A97D 5 Bytes JMP 201C7D60 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!DefWindowProcA 7E42C17E 5 Bytes JMP 201C7B60 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!SetCapture 7E42C35E 5 Bytes JMP 201C5E30 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!ReleaseCapture 7E42C37A 5 Bytes JMP 201C5F40 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!GetDCEx 7E42C595 5 Bytes JMP 201C6800 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!RegisterClassA 7E42EA5E 5 Bytes JMP 201C7E50 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!GetUpdateRgn 7E42F5EC 5 Bytes JMP 201C69C0 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!DefFrameProcW 7E430833 5 Bytes JMP 201C7C20 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!DefMDIChildProcW 7E430A47 5 Bytes JMP 201C7CA0 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!DefDlgProcA 7E43E577 5 Bytes JMP 201C7BE0 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!DefFrameProcA 7E44F965 5 Bytes JMP 201C7C60 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!DefMDIChildProcA 7E44F9B4 5 Bytes JMP 201C7CE0 
.text C:\WINDOWS\system32\svchost.exe[360] USER32.dll!SetCursorPos 7E4561B3 5 Bytes JMP 201C5DF0 
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[680] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[680] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[680] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[680] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\Program Files\Atheros\ACU.exe[688] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\Program Files\Atheros\ACU.exe[688] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\Program Files\Atheros\ACU.exe[688] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\Program Files\Atheros\ACU.exe[688] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\Program Files\Atheros\ACU.exe[688] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\Program Files\Atheros\ACU.exe[688] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\Program Files\Atheros\ACU.exe[688] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\Program Files\Atheros\ACU.exe[688] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\Program Files\Atheros\ACU.exe[688] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\Program Files\Atheros\ACU.exe[688] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\Program Files\Atheros\ACU.exe[688] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\Program Files\Atheros\ACU.exe[688] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\Program Files\Atheros\ACU.exe[688] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
.text C:\Program Files\Atheros\ACU.exe[688] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20193A5B 
.text C:\Program Files\Atheros\ACU.exe[688] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 201936E6 
.text C:\Program Files\Atheros\ACU.exe[688] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2019373C 
.text C:\Program Files\Atheros\ACU.exe[688] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20193B16 
.text C:\Program Files\Atheros\ACU.exe[688] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20192F7D 
.text C:\Program Files\Atheros\ACU.exe[688] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20193B43 
.text C:\Program Files\Atheros\ACU.exe[688] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20192F48 
.text C:\Program Files\Atheros\ACU.exe[688] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20193B70 
.text C:\Program Files\Atheros\ACU.exe[688] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20193940 
.text C:\Program Files\Atheros\ACU.exe[688] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20193899 
.text C:\Program Files\Atheros\ACU.exe[688] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20192FAF 
.text C:\Program Files\Atheros\ACU.exe[688] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20193B97 
.text C:\Program Files\Atheros\ACU.exe[688] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20192F02 
.text C:\Program Files\Atheros\ACU.exe[688] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20192EBC 
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[696] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[696] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[696] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[696] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\system32\ctfmon.exe[708] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\ctfmon.exe[708] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\ctfmon.exe[708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\ctfmon.exe[708] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[788] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[788] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[788] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[788] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[788] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[788] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[788] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[788] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[788] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[788] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[788] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[788] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[788] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
? C:\WINDOWS\system32\services.exe[968] time/date stamp mismatch; unknown module: NTDSAPI.dllunknown module: NCObjAPI.DLLunknown module: SCESRV.dllunknown module: umpnpmgr.dll
.text C:\WINDOWS\system32\services.exe[968] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\services.exe[968] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\services.exe[968] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\services.exe[968] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\system32\services.exe[968] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\system32\services.exe[968] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\system32\services.exe[968] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\system32\services.exe[968] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\system32\services.exe[968] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\system32\services.exe[968] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\system32\services.exe[968] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\system32\services.exe[968] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\system32\services.exe[968] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
.text C:\WINDOWS\system32\lsass.exe[980] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\lsass.exe[980] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\lsass.exe[980] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\lsass.exe[980] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\system32\lsass.exe[980] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\system32\lsass.exe[980] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\system32\lsass.exe[980] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\system32\lsass.exe[980] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\system32\lsass.exe[980] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\system32\lsass.exe[980] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\system32\lsass.exe[980] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\system32\lsass.exe[980] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\system32\lsass.exe[980] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
? C:\WINDOWS\system32\svchost.exe[1028] time/date stamp mismatch; 
.text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
? C:\WINDOWS\system32\svchost.exe[1132] time/date stamp mismatch; 
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\svchost.exe[1132] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
? C:\WINDOWS\system32\svchost.exe[1192] time/date stamp mismatch; 
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\system32\svchost.exe[1192] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\system32\svchost.exe[1192] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\system32\svchost.exe[1192] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\system32\svchost.exe[1192] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\system32\svchost.exe[1192] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\system32\svchost.exe[1192] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\system32\svchost.exe[1192] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\system32\svchost.exe[1192] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\system32\svchost.exe[1192] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
? C:\WINDOWS\System32\svchost.exe[1232] time/date stamp mismatch; 
.text C:\WINDOWS\System32\svchost.exe[1232] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\System32\svchost.exe[1232] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\System32\svchost.exe[1232] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\System32\svchost.exe[1232] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\System32\svchost.exe[1232] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\System32\svchost.exe[1232] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\System32\svchost.exe[1232] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\System32\svchost.exe[1232] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\System32\svchost.exe[1232] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\System32\svchost.exe[1232] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\System32\svchost.exe[1232] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\System32\svchost.exe[1232] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\System32\svchost.exe[1232] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
.text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20193A5B 
.text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 201936E6 
.text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2019373C 
.text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20193B16 
.text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20192F7D 
.text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20193B43 
.text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20192F48 
.text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20193B70 
.text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20193940 
.text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20193899 
.text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20192FAF 
.text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20193B97 
.text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20192F02 
.text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20192EBC 
? C:\WINDOWS\system32\svchost.exe[1272] time/date stamp mismatch; 
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
? C:\WINDOWS\system32\svchost.exe[1328] time/date stamp mismatch; 
.text C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\svchost.exe[1328] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\system32\svchost.exe[1328] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\system32\svchost.exe[1328] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\system32\svchost.exe[1328] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\system32\svchost.exe[1328] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\system32\svchost.exe[1328] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\system32\svchost.exe[1328] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\system32\svchost.exe[1328] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\system32\svchost.exe[1328] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\system32\svchost.exe[1328] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
? C:\WINDOWS\system32\svchost.exe[1412] time/date stamp mismatch; 
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\system32\svchost.exe[1412] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\system32\svchost.exe[1412] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\system32\svchost.exe[1412] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\system32\svchost.exe[1412] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\system32\svchost.exe[1412] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\system32\svchost.exe[1412] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\system32\svchost.exe[1412] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\system32\svchost.exe[1412] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\system32\svchost.exe[1412] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1548] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1548] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1548] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1548] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1560] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1560] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1560] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1560] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1560] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1560] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1560] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1560] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1560] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1560] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1560] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1560] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1560] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20193A5B 
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 201936E6 
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2019373C 
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20193B16 
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20192F7D 
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20193B43 
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20192F48 
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20193B70 
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20193940 
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20193899 
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20192FAF 
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20193B97 
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20192F02 
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20192EBC 
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] ws2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] ws2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] ws2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] ws2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] ws2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\Program Files\Internet Explorer\iexplore.exe[1576] ws2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
.text C:\WINDOWS\system32\spoolsv.exe[1748] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\spoolsv.exe[1748] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\spoolsv.exe[1748] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\spoolsv.exe[1748] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\system32\spoolsv.exe[1748] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\system32\spoolsv.exe[1748] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\system32\spoolsv.exe[1748] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\system32\spoolsv.exe[1748] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\system32\spoolsv.exe[1748] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\system32\spoolsv.exe[1748] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\system32\spoolsv.exe[1748] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\system32\spoolsv.exe[1748] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\system32\spoolsv.exe[1748] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
.text C:\WINDOWS\system32\acs.exe[1792] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\acs.exe[1792] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\acs.exe[1792] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\acs.exe[1792] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\system32\acs.exe[1792] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\system32\acs.exe[1792] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\system32\acs.exe[1792] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\system32\acs.exe[1792] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\WINDOWS\system32\acs.exe[1792] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\system32\acs.exe[1792] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\system32\acs.exe[1792] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\system32\acs.exe[1792] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\system32\acs.exe[1792] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
.text C:\WINDOWS\system32\acs.exe[1792] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20193A5B 
.text C:\WINDOWS\system32\acs.exe[1792] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 201936E6 
.text C:\WINDOWS\system32\acs.exe[1792] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2019373C 
.text C:\WINDOWS\system32\acs.exe[1792] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20193B16 
.text C:\WINDOWS\system32\acs.exe[1792] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20192F7D 
.text C:\WINDOWS\system32\acs.exe[1792] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20193B43 
.text C:\WINDOWS\system32\acs.exe[1792] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20192F48 
.text C:\WINDOWS\system32\acs.exe[1792] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20193B70 
.text C:\WINDOWS\system32\acs.exe[1792] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20193940 
.text C:\WINDOWS\system32\acs.exe[1792] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20193899 
.text C:\WINDOWS\system32\acs.exe[1792] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20192FAF 
.text C:\WINDOWS\system32\acs.exe[1792] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20193B97 
.text C:\WINDOWS\system32\acs.exe[1792] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20192F02 
.text C:\WINDOWS\system32\acs.exe[1792] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20192EBC 
? C:\WINDOWS\system32\svchost.exe[1836] time/date stamp mismatch; 
.text C:\WINDOWS\system32\svchost.exe[1836] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\svchost.exe[1836] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\svchost.exe[1836] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\svchost.exe[1836] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\system32\svchost.exe[1836] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20193A5B 
.text C:\WINDOWS\system32\svchost.exe[1836] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 201936E6 
.text C:\WINDOWS\system32\svchost.exe[1836] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2019373C 
.text C:\WINDOWS\system32\svchost.exe[1836] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20193B16 
.text C:\WINDOWS\system32\svchost.exe[1836] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20192F7D 
.text C:\WINDOWS\system32\svchost.exe[1836] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20193B43 
.text C:\WINDOWS\system32\svchost.exe[1836] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20192F48 
.text C:\WINDOWS\system32\svchost.exe[1836] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20193B70 
.text C:\WINDOWS\system32\svchost.exe[1836] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20193940 
.text C:\WINDOWS\system32\svchost.exe[1836] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20193899 
.text C:\WINDOWS\system32\svchost.exe[1836] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20192FAF 
.text C:\WINDOWS\system32\svchost.exe[1836] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20193B97 
.text C:\WINDOWS\system32\svchost.exe[1836] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20192F02 
.text C:\WINDOWS\system32\svchost.exe[1836] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20192EBC 
.text C:\WINDOWS\system32\svchost.exe[1836] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\system32\svchost.exe[1836] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\system32\svchost.exe[1836] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\system32\svchost.exe[1836] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\system32\svchost.exe[1836] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\system32\svchost.exe[1836] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\system32\svchost.exe[1836] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\system32\svchost.exe[1836] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\system32\svchost.exe[1836] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20193A5B 
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 201936E6 
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2019373C 
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20193B16 
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20192F7D 
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20193B43 
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20192F48 
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20193B70 
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20193940 
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20193899 
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20192FAF 
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20193B97 
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20192F02 
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20192EBC 
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] ws2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] ws2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] ws2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] ws2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] ws2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\Program Files\Internet Explorer\iexplore.exe[1900] ws2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[1964] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[1964] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[1964] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[1964] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[1964] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[1964] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[1964] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[1964] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[1964] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[1964] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[1964] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[1964] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[1964] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
? C:\WINDOWS\System32\svchost.exe[2020] time/date stamp mismatch; 
.text C:\WINDOWS\System32\svchost.exe[2020] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\System32\svchost.exe[2020] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\System32\svchost.exe[2020] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\System32\svchost.exe[2020] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\System32\svchost.exe[2020] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\System32\svchost.exe[2020] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\System32\svchost.exe[2020] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\System32\svchost.exe[2020] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\System32\svchost.exe[2020] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\System32\svchost.exe[2020] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\System32\svchost.exe[2020] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\System32\svchost.exe[2020] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\System32\svchost.exe[2020] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
? C:\WINDOWS\System32\svchost.exe[2116] time/date stamp mismatch; 
.text C:\WINDOWS\System32\svchost.exe[2116] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\System32\svchost.exe[2116] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\System32\svchost.exe[2116] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\System32\svchost.exe[2116] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\System32\svchost.exe[2116] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\System32\svchost.exe[2116] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\System32\svchost.exe[2116] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\System32\svchost.exe[2116] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\System32\svchost.exe[2116] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\System32\svchost.exe[2116] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\System32\svchost.exe[2116] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\System32\svchost.exe[2116] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\System32\svchost.exe[2116] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
? C:\WINDOWS\system32\svchost.exe[2172] time/date stamp mismatch; 
.text C:\WINDOWS\system32\svchost.exe[2172] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\svchost.exe[2172] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\svchost.exe[2172] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\svchost.exe[2172] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe[2264] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe[2264] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe[2264] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe[2264] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\system32\SearchIndexer.exe[2352] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\SearchIndexer.exe[2352] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\SearchIndexer.exe[2352] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\SearchIndexer.exe[2352] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2352] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\system32\SearchIndexer.exe[2352] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\system32\SearchIndexer.exe[2352] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\system32\SearchIndexer.exe[2352] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\system32\SearchIndexer.exe[2352] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\system32\SearchIndexer.exe[2352] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\system32\SearchIndexer.exe[2352] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\system32\SearchIndexer.exe[2352] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\system32\SearchIndexer.exe[2352] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\system32\SearchIndexer.exe[2352] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
.text C:\WINDOWS\system32\wuauclt.exe[2824] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20026B77 
.text C:\WINDOWS\system32\wuauclt.exe[2824] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A453 
.text C:\WINDOWS\system32\wuauclt.exe[2824] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200269F3 
.text C:\WINDOWS\system32\wuauclt.exe[2824] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200212FC 
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20193A5B 
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 201936E6 
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2019373C 
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20193B16 
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20192F7D 
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20193B43 
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20192F48 
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20193B70 
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20193940 
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20193899 
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20192FAF 
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20193B97 
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20192F02 
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20192EBC 
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] ws2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] ws2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] ws2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] ws2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] ws2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\Program Files\Internet Explorer\iexplore.exe[2880] ws2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
.text C:\WINDOWS\system32\wuauclt.exe[2900] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\system32\wuauclt.exe[2900] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\system32\wuauclt.exe[2900] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\system32\wuauclt.exe[2900] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\system32\wuauclt.exe[2900] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\system32\wuauclt.exe[2900] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\system32\wuauclt.exe[2900] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\system32\wuauclt.exe[2900] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\system32\wuauclt.exe[2900] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\system32\wuauclt.exe[2900] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\system32\wuauclt.exe[2900] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\system32\wuauclt.exe[2900] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\system32\wuauclt.exe[2900] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
.text C:\WINDOWS\System32\vssvc.exe[3540] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\System32\vssvc.exe[3540] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\System32\vssvc.exe[3540] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\System32\vssvc.exe[3540] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\System32\vssvc.exe[3540] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\System32\vssvc.exe[3540] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\System32\vssvc.exe[3540] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\System32\vssvc.exe[3540] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\System32\vssvc.exe[3540] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\System32\vssvc.exe[3540] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\System32\vssvc.exe[3540] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\System32\vssvc.exe[3540] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\System32\vssvc.exe[3540] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
.text C:\WINDOWS\System32\alg.exe[3724] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77 
.text C:\WINDOWS\System32\alg.exe[3724] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453 
.text C:\WINDOWS\System32\alg.exe[3724] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3 
.text C:\WINDOWS\System32\alg.exe[3724] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC 
.text C:\WINDOWS\System32\alg.exe[3724] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB 
.text C:\WINDOWS\System32\alg.exe[3724] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405 
.text C:\WINDOWS\System32\alg.exe[3724] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E 
.text C:\WINDOWS\System32\alg.exe[3724] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D 
.text C:\WINDOWS\System32\alg.exe[3724] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562 
.text C:\WINDOWS\System32\alg.exe[3724] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396 
.text C:\WINDOWS\System32\alg.exe[3724] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A 
.text C:\WINDOWS\System32\alg.exe[3724] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D 
.text C:\WINDOWS\System32\alg.exe[3724] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB 
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A5F8288
AttachedDevice \FileSystem\Ntfs \Ntfs MyBusinessWorks.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \FileSystem\Rdbss \Device\FsWrap 897F1260
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 898B4108
Device \Driver\atapi \Device\Ide\IdePort0 898B4108
Device \Driver\atapi \Device\Ide\IdePort1 898B4108
Device \FileSystem\Srv \Device\LanmanServer 89799F30
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8999B8D0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8999B8D0
Device \FileSystem\Npfs \Device\NamedPipe 89BCCF18
Device \FileSystem\Msfs \Device\Mailslot 89BCCBC8
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 89B6EB30
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 89B6EB30
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 89B6EB30
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 89B6EB30
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 89B6EB30
Device \FileSystem\Cdfs \Cdfs 89B8C220
---- Modules - GMER 1.0.15 ----
Module _________ B9E0B000-B9E23000 (98304 bytes)
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\Derek\Start Menu\Programs\Startup\xejatgha.exe 98224 bytes executable
File C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe 98224 bytes executable
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\xejatgha.exe 98224 bytes executable
---- EOF - GMER 1.0.15 ----


----------



## Kronos2401 (Mar 31, 2012)

OTL.txt file below.

OTL logfile created on: 19/04/2012 21:35:44 - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Derek\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.25% Memory free
3.83 Gb Paging File | 3.46 Gb Available in Paging File | 90.37% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.74 Gb Total Space | 27.96 Gb Free Space | 50.16% Space Free | Partition Type: NTFS
Drive D: | 54.58 Gb Total Space | 15.22 Gb Free Space | 27.88% Space Free | Partition Type: NTFS

Computer Name: EQUIUM | User Name: Derek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/19 19:55:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/03/29 07:17:18 | 003,571,520 | ---- | M] (MyBusinessWorks) -- C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe
PRC - [2011/03/29 07:17:16 | 000,046,912 | ---- | M] (MyBusinessWorks) -- C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe
PRC - [2009/03/06 03:26:38 | 000,479,320 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\Atheros\ACU.exe
PRC - [2009/03/06 03:26:06 | 000,495,700 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 12:12:04 | 000,360,448 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
PRC - [2007/04/10 08:45:20 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

========== Modules (No Company Name) ==========

MOD - [2011/03/03 11:35:26 | 000,024,576 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkunicode.dll
MOD - [2009/01/10 23:15:44 | 000,262,144 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\Haali\mmfinfo.dll
MOD - [2007/04/03 18:21:34 | 000,147,456 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Applet\TouchPad_ONOFF.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/04/19 20:44:15 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/03/29 07:17:16 | 000,046,912 | ---- | M] (MyBusinessWorks) [Auto | Running] -- C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe -- (MyBusinessWorksbackup)
SRV - [2009/03/06 03:26:06 | 000,495,700 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2007/04/10 08:45:20 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Derek\LOCALS~1\Temp\pgtdapod.sys -- (pgtdapod)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Running] -- C:\DOCUME~1\Derek\LOCALS~1\Temp\fshhtddm.sys -- (Micorsoft Windows Service)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\username123\catchme.sys -- (catchme)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/29 07:17:10 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MyBusinessWorks.sys -- (MyBusinessWorksFilter)
DRV - [2010/07/06 03:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/09/30 15:17:02 | 001,585,728 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/16 23:19:44 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2008/01/30 12:28:36 | 004,725,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/04 08:56:48 | 000,005,888 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/logi...ap2e6CwWSb86QVdqk-&.done=http://uk.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {90ECF758-E3C9-4D90-BC65-35A90D480B03}
IE - HKCU\..\SearchScopes\{4ADF8512-94DF-4582-A60D-6D2D0D0A6574}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{90ECF758-E3C9-4D90-BC65-35A90D480B03}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/05/04 23:10:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/05/04 23:10:01 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/04/13 22:24:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1  localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKCU..\Run: [XejAtgha] C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe -update activex File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyPro Status.lnk = C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe (MyBusinessWorks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C27D94A-9E3D-4F0F-9232-EB531D577190}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECA2E087-C26F-4614-89F4-A5E9B371EE46}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe) - C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/03 19:35:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
MsConfig - StartUpReg: *Alcmtr* - hkey= - key= - C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: *ctfmon.exe* - hkey= - key= - File not found
MsConfig - StartUpReg: *DAEMON Tools-1033* - hkey= - key= - C:\Program Files\Daemon Virtual Drive\daemon.exe (DAEMON'S HOME)
MsConfig - StartUpReg: *HotKeysCmds* - hkey= - key= - File not found
MsConfig - StartUpReg: *HP Software Update* - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: *IgfxTray* - hkey= - key= - File not found
MsConfig - StartUpReg: *iTunesHelper* - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: *NeroFilterCheck* - hkey= - key= - File not found
MsConfig - StartUpReg: *Persistence* - hkey= - key= - File not found
MsConfig - StartUpReg: *QuickTime Task* - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: *RTHDCPL* - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/19 19:55:24 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
[2012/04/19 19:50:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/04/14 12:45:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/13 22:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj
[2012/04/13 22:14:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/13 22:09:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/13 22:09:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/13 22:09:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/13 22:09:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/13 22:09:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/13 22:08:07 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/04/13 21:59:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/07 10:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012/04/06 19:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/04/06 19:43:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/04/06 19:43:23 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/06 19:40:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/06 19:40:45 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/06 19:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/06 16:56:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/03/31 22:54:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Desktop\VIRUS
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/19 21:31:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/19 20:44:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/19 19:55:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
[2012/04/19 19:43:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/19 19:42:18 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/19 19:42:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/13 22:29:48 | 000,098,224 | -H-- | M] () -- C:\Documents and Settings\Derek\Bmnw4HwPl
[2012/04/13 22:24:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/13 22:14:14 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/04/13 22:08:27 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/04/13 22:00:37 | 000,098,224 | -H-- | M] () -- C:\Documents and Settings\Derek\Desktop\UjPrn7vu
[2012/04/13 21:51:39 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\MBR.dat
[2012/04/09 20:56:21 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\HiJackThis.lnk
[2012/04/08 15:19:41 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/08 15:19:22 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/06 19:38:14 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/04/06 12:06:44 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\wgi92tgj.exe
[2012/03/25 23:24:58 | 000,502,826 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/25 23:24:58 | 000,087,126 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/13 22:29:48 | 000,098,224 | -H-- | C] () -- C:\Documents and Settings\Derek\Bmnw4HwPl
[2012/04/13 22:14:14 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/04/13 22:14:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/13 22:09:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/13 22:09:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/13 22:09:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/13 22:09:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/13 22:09:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/13 22:00:36 | 000,098,224 | -H-- | C] () -- C:\Documents and Settings\Derek\Desktop\UjPrn7vu
[2012/04/13 21:51:39 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\MBR.dat
[2012/04/09 20:56:18 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\HiJackThis.lnk
[2012/04/06 20:07:08 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/04/06 19:43:28 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/06 19:40:46 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/06 12:26:27 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\wgi92tgj.exe
[2012/03/31 22:21:04 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/02/23 23:30:43 | 000,256,768 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-117609710-682003330-1801674531-1003-0.dat
[2012/02/23 23:30:43 | 000,123,526 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/15 22:57:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/08 20:47:21 | 000,296,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/25 23:01:36 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/07/25 23:01:35 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/07/25 23:01:35 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/07/25 23:01:35 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2011/07/25 23:01:34 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/05/21 12:06:58 | 000,011,878 | -HS- | C] () -- C:\Documents and Settings\Derek\Local Settings\Application Data\462siw7cfe
[2011/05/21 12:06:58 | 000,011,878 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\462siw7cfe
[2011/05/08 16:10:34 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/07 15:24:05 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/05/07 13:38:31 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2011/05/07 13:38:31 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2011/05/07 12:21:55 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2011/05/07 12:21:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2011/05/07 12:21:55 | 000,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2011/05/07 12:21:55 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2011/05/07 12:18:00 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Derek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/07 12:08:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/05/07 12:08:02 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2011/05/04 23:02:37 | 000,165,571 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2011/05/04 23:02:37 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2011/05/03 22:49:00 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2011/05/03 22:42:55 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2011/05/03 22:42:55 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[2011/05/03 22:35:53 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2011/05/03 20:25:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/03 20:24:21 | 000,115,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/03 20:11:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/05/03 20:06:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4833.dll
[2011/05/03 20:06:02 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2011/05/03 19:38:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/03 19:32:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== LOP Check ==========

[2011/05/05 22:24:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/09/01 11:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PurePlay
[2012/02/23 22:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2011/05/07 15:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/05/07 12:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2011/09/29 00:10:04 | 000,000,000 | ---D | M] -- C:\4dccc7ee1d20cbdce7877a489daa
[2011/05/03 20:56:51 | 000,000,000 | ---D | M] -- C:\ae4857cf8a2db1e047a0b67fde094f
[2012/04/13 22:14:14 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2012/04/13 22:22:54 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2011/06/28 19:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2011/05/03 20:02:29 | 000,000,000 | ---D | M] -- C:\Intel
[2012/04/13 22:08:24 | 000,000,000 | ---D | M] -- C:\Program Files
[2012/04/13 22:27:36 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012/04/14 12:45:48 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011/05/03 19:39:37 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/02/23 22:20:28 | 000,000,000 | ---D | M] -- C:\Temp
[2008/05/30 14:04:50 | 000,000,000 | ---D | M] -- C:\v61010T_20080529_x32
[2012/04/19 19:53:27 | 000,000,000 | ---D | M] -- C:\WINDOWS

< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA

< %windir%\system32\tasks\*.* >

< %systemroot%\Fonts\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008/04/14 06:42:34 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\ERDNT\cache\regedit.exe
[2008/04/14 06:42:34 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\regedit.exe
[2008/04/14 06:42:34 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\system32\dllcache\regedit.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 06:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 06:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 06:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright (C) 1999-2003 Microsoft Corporation.
On computer: EQUIUM
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
Volume 0     E                       DVD-ROM         0 B
Volume 1     C                NTFS   Partition     56 GB  Healthy    System
Volume 2     D   Data         NTFS   Partition     55 GB  Healthy
< End of report >


----------



## Kronos2401 (Mar 31, 2012)

Extras.txt file below.

OTL Extras logfile created on: 19/04/2012 21:35:44 - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Derek\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.25% Memory free
3.83 Gb Paging File | 3.46 Gb Available in Paging File | 90.37% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.74 Gb Total Space | 27.96 Gb Free Space | 50.16% Space Free | Partition Type: NTFS
Drive D: | 54.58 Gb Total Space | 15.22 Gb Free Space | 27.88% Space Free | Partition Type: NTFS

Computer Name: EQUIUM | User Name: Derek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{07F58BB0-50D4-4477-B491-A97B2AD059B6}" = TOSHIBA Hotkey Utility
"{16E8BF9A-B419-4A44-A020-30F8CFB84B9D}" = Atheros Client Utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Premium
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{60EB76E2-DF31-477B-A28C-2303ADE6629D}" = PurePlay Poker
"{61539202-097E-487E-9237-B291AB56D54C}" = Bluetooth Monitor 4
"{63132164-9AE3-45D3-047A-E9349D22956C}" = MozyPro
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4220_ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70700000002}" = Adobe Reader 7.0.7
"{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4210_Help
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.5.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/04/2012 17:00:18 | Computer Name = EQUIUM | Source = MPSampleSubmission | ID = 5000
Description =

Error - 11/04/2012 17:27:31 | Computer Name = EQUIUM | Source = MPSampleSubmission | ID = 5000
Description =

Error - 12/04/2012 15:49:47 | Computer Name = EQUIUM | Source = MPSampleSubmission | ID = 5000
Description =

Error - 12/04/2012 15:55:40 | Computer Name = EQUIUM | Source = MPSampleSubmission | ID = 5000
Description =

Error - 13/04/2012 16:21:13 | Computer Name = EQUIUM | Source = MPSampleSubmission | ID = 5000
Description =

Error - 13/04/2012 16:27:04 | Computer Name = EQUIUM | Source = MPSampleSubmission | ID = 5000
Description =

Error - 13/04/2012 16:30:13 | Computer Name = EQUIUM | Source = MPSampleSubmission | ID = 5000
Description =

Error - 13/04/2012 16:48:23 | Computer Name = EQUIUM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 13/04/2012 16:57:14 | Computer Name = EQUIUM | Source = MPSampleSubmission | ID = 5000
Description =

Error - 19/04/2012 16:30:10 | Computer Name = EQUIUM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 13/04/2012 16:52:49 | Computer Name = EQUIUM | Source = Service Control Manager | ID = 7031
Description = The MozyPro Backup Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 13/04/2012 16:57:14 | Computer Name = EQUIUM | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 13/04/2012 17:21:36 | Computer Name = EQUIUM | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000 disappeared 
from the system without first being prepared for removal.

Error - 13/04/2012 17:24:49 | Computer Name = EQUIUM | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 14/04/2012 07:20:22 | Computer Name = EQUIUM | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 15/04/2012 09:00:45 | Computer Name = EQUIUM | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 16/04/2012 18:17:41 | Computer Name = EQUIUM | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set 
schedule. Windows will continue to try to establish a connection.

Error - 16/04/2012 18:18:16 | Computer Name = EQUIUM | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 19/04/2012 14:43:18 | Computer Name = EQUIUM | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set 
schedule. Windows will continue to try to establish a connection.

Error - 19/04/2012 14:43:53 | Computer Name = EQUIUM | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Derek\LOCALS~1\Temp\pgtdapod.sys -- (pgtdapod)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Running] -- C:\DOCUME~1\Derek\LOCALS~1\Temp\fshhtddm.sys -- (Micorsoft Windows Service)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\username123\catchme.sys -- (catchme)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O4 - HKCU..\Run: [XejAtgha] C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe -update activex File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe) - C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe File not found
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
:Files
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

------------------------------------

Can you run this for me next:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:dir
c:\documents and settings\LocalService\Local Settings\Application Data /sub
C:\Documents and Settings\Derek\Bmnw4HwPl /sub
C:\Documents and Settings\Derek\Desktop\UjPrn7vu /sub
C:\Documents and Settings\Derek\Local Settings\Application Data\462siw7cfe /sub
C:\Documents and Settings\All Users\Application Data\462siw7cfe /sub
C:\4dccc7ee1d20cbdce7877a489daa /sub
C:\ae4857cf8a2db1e047a0b67fde094f /sub
:file
c:\windows\system32\drivers\MyBusinessWorks.sys
c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe
C:\Documents and Settings\Derek\Bmnw4HwPl
C:\Documents and Settings\Derek\Desktop\UjPrn7vu
C:\Documents and Settings\Derek\Local Settings\Application Data\462siw7cfe
C:\Documents and Settings\All Users\Application Data\462siw7cfe
:filefind
*462siw7cfe*
*UjPrn7vu*
*Bmnw4HwPl*
*Micorsoft*
:folderfind
*462siw7cfe*
*UjPrn7vu*
*Bmnw4HwPl*
*Micorsoft*
:regfind
Micorsoft
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

-------------------------

Please download *Rootkit Unhooker* from one of the following links and save it to your desktop.

Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the *RKUnhookerLE.exe* file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.


Double-click on *RKUnhookerLE.exe* to start the program.
_*Vista*/*Windows 7* users right-click and select Run As Administrator_.
Click the *Report* tab, then click *Scan*.
Check *Drivers, Stealth,* and uncheck the rest.
Click *OK*.
Wait until it's finished and then go to *File* > *Save Report*.
Save the report to your *Desktop*.
Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "_*Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?*_".

eddie


----------



## Kronos2401 (Mar 31, 2012)

OTL logfile created on: 22/04/2012 17:29:36 - Run 2
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Derek\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 70.00% Memory free
3.83 Gb Paging File | 3.34 Gb Available in Paging File | 87.21% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.74 Gb Total Space | 27.45 Gb Free Space | 49.24% Space Free | Partition Type: NTFS
Drive D: | 54.58 Gb Total Space | 15.22 Gb Free Space | 27.88% Space Free | Partition Type: NTFS

Computer Name: EQUIUM | User Name: Derek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/19 19:55:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/03/29 07:17:18 | 003,571,520 | ---- | M] (MyBusinessWorks) -- C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe
PRC - [2011/03/29 07:17:16 | 000,046,912 | ---- | M] (MyBusinessWorks) -- C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe
PRC - [2009/03/06 03:26:38 | 000,479,320 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\Atheros\ACU.exe
PRC - [2009/03/06 03:26:06 | 000,495,700 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 12:12:04 | 000,360,448 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
PRC - [2007/04/10 08:45:20 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

========== Modules (No Company Name) ==========

MOD - [2007/04/03 18:21:34 | 000,147,456 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Applet\TouchPad_ONOFF.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/04/19 20:44:15 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/03/29 07:17:16 | 000,046,912 | ---- | M] (MyBusinessWorks) [Auto | Running] -- C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe -- (MyBusinessWorksbackup)
SRV - [2009/03/06 03:26:06 | 000,495,700 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2007/04/10 08:45:20 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Running] -- C:\DOCUME~1\Derek\LOCALS~1\Temp\fshhtddm.sys -- (Micorsoft Windows Service)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\username123\catchme.sys -- (catchme)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/29 07:17:10 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MyBusinessWorks.sys -- (MyBusinessWorksFilter)
DRV - [2010/07/06 03:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/09/30 15:17:02 | 001,585,728 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/16 23:19:44 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2008/01/30 12:28:36 | 004,725,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/04 08:56:48 | 000,005,888 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/logi...ap2e6CwWSb86QVdqk-&.done=http://uk.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {90ECF758-E3C9-4D90-BC65-35A90D480B03}
IE - HKCU\..\SearchScopes\{4ADF8512-94DF-4582-A60D-6D2D0D0A6574}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{90ECF758-E3C9-4D90-BC65-35A90D480B03}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/05/04 23:10:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/05/04 23:10:01 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/04/13 22:24:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKCU..\Run: [XejAtgha] C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyPro Status.lnk = C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe (MyBusinessWorks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C27D94A-9E3D-4F0F-9232-EB531D577190}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECA2E087-C26F-4614-89F4-A5E9B371EE46}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe) - C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/03 19:35:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[CREATERESTOREPOINT] 
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/19 19:55:24 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
[2012/04/19 19:50:35 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012/04/19 19:50:35 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012/04/14 12:45:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/13 22:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj
[2012/04/13 22:14:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/13 22:09:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/13 22:09:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/13 22:09:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/13 22:09:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/13 22:09:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/13 21:59:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/07 10:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012/04/06 19:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Application Data\SUPERAntiSpyware.com
[2012/04/06 19:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/04/06 19:43:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/04/06 19:43:23 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/06 19:40:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/06 19:40:45 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/06 19:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/06 16:56:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/03/31 22:54:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Desktop\VIRUS
[2012/03/31 22:21:04 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/03/24 20:34:22 | 138,400,096 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Derek\Desktop\SanDiskMediaManagerSetup.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/22 17:31:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/22 17:28:10 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\RKUnhookerLE.EXE
[2012/04/22 17:27:43 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\SystemLook.exe
[2012/04/22 17:25:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/22 17:23:28 | 000,098,224 | -H-- | M] () -- C:\Documents and Settings\Derek\NxJFkglv
[2012/04/22 17:23:25 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/22 17:23:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/22 17:23:15 | 000,115,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/19 22:08:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/19 22:07:05 | 000,502,826 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/19 22:07:05 | 000,087,126 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/19 22:01:44 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012/04/19 21:44:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/19 20:44:15 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/19 20:44:15 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/19 19:55:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
[2012/04/13 22:29:48 | 000,098,224 | -H-- | M] () -- C:\Documents and Settings\Derek\Bmnw4HwPl
[2012/04/13 22:24:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/13 22:14:14 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/04/13 22:08:27 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/04/13 22:00:37 | 000,098,224 | -H-- | M] () -- C:\Documents and Settings\Derek\Desktop\UjPrn7vu
[2012/04/13 21:51:39 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\MBR.dat
[2012/04/09 20:56:21 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\HiJackThis.lnk
[2012/04/08 15:19:41 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/08 15:19:22 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/06 19:38:14 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/04/06 12:06:44 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\wgi92tgj.exe
[2012/03/24 20:34:40 | 138,400,096 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Derek\Desktop\SanDiskMediaManagerSetup.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/22 17:28:09 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\RKUnhookerLE.EXE
[2012/04/22 17:27:42 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\SystemLook.exe
[2012/04/22 17:23:28 | 000,098,224 | -H-- | C] () -- C:\Documents and Settings\Derek\NxJFkglv
[2012/04/19 22:01:44 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/04/13 22:29:48 | 000,098,224 | -H-- | C] () -- C:\Documents and Settings\Derek\Bmnw4HwPl
[2012/04/13 22:14:14 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/04/13 22:14:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/13 22:09:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/13 22:09:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/13 22:09:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/13 22:09:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/13 22:09:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/13 22:00:36 | 000,098,224 | -H-- | C] () -- C:\Documents and Settings\Derek\Desktop\UjPrn7vu
[2012/04/13 21:51:39 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\MBR.dat
[2012/04/09 20:56:18 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\HiJackThis.lnk
[2012/04/06 20:07:08 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/04/06 19:43:28 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/06 19:40:46 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/06 12:26:27 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\wgi92tgj.exe
[2012/03/31 22:21:04 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/02/23 23:30:43 | 000,256,768 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-117609710-682003330-1801674531-1003-0.dat
[2012/02/23 23:30:43 | 000,123,526 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/15 22:57:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/08 20:47:21 | 000,296,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/25 23:01:36 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/07/25 23:01:35 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/07/25 23:01:35 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/07/25 23:01:35 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2011/07/25 23:01:34 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/05/21 12:06:58 | 000,011,878 | -HS- | C] () -- C:\Documents and Settings\Derek\Local Settings\Application Data\462siw7cfe
[2011/05/21 12:06:58 | 000,011,878 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\462siw7cfe
[2011/05/08 16:10:34 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/07 15:24:05 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/05/07 13:38:31 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2011/05/07 13:38:31 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2011/05/07 12:21:55 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2011/05/07 12:21:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2011/05/07 12:21:55 | 000,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2011/05/07 12:21:55 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2011/05/07 12:18:00 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Derek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/07 12:08:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/05/07 12:08:02 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2011/05/04 23:02:37 | 000,165,571 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2011/05/04 23:02:37 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2011/05/03 22:49:00 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2011/05/03 22:42:55 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2011/05/03 22:42:55 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[2011/05/03 22:35:53 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2011/05/03 20:25:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/03 20:24:21 | 000,115,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/03 20:11:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/05/03 20:06:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4833.dll
[2011/05/03 20:06:02 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2011/05/03 19:38:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/03 19:32:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== Custom Scans ==========

< :OTL >

< SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) >

< DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) >

< DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom) >

< DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Derek\LOCALS~1\Temp\pgtdapod.sys -- (pgtdapod) >

< DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) >

< DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) >

< DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) >

< DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) >

< DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) >

< DRV - File not found [Kernel | Disabled | Running] -- C:\DOCUME~1\Derek\LOCALS~1\Temp\fshhtddm.sys -- (Micorsoft Windows Service) >

< DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) >

< DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm) >

< DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass) >

< DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs) >

< DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) >

< DRV - File not found [Kernel | System | Stopped] -- -- (Changer) >

< DRV - File not found [Kernel | On_Demand | Stopped] -- C:\username123\catchme.sys -- (catchme) >

< FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found >
Invalid Switch: iTunes,version=: File not found

< O4 - HKCU..\Run: [XejAtgha] C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe File not found >

< O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe -update activex File not found >

< O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present >

< O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present >

< O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found >

< O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found >

< O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) >
Invalid Switch: gp.cab (Reg Error: Key error.)

< O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe) - C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe File not found >

< [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] >

< [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] >

< :Files >

< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

< :Commands >

< [purity] >

< [resethosts] >

< [emptytemp] >

< [emptyjava] >

< [EMPTYFLASH] >

< [Reboot] >
< End of report >


----------



## Kronos2401 (Mar 31, 2012)

SystemLook 30.07.11 by jpshortstuff
Log created at 17:39 on 22/04/2012 by Derek
Administrator - Elevation successful
========== dir ==========
c:\documents and settings\LocalService\Local Settings\Application Data - Parameters: "/sub"
---Files---
avqfnftv.log --a---- 551408 bytes [21:23 13/04/2012] [21:24 13/04/2012]
bnxbxwgj.log --a---- 0 bytes [18:21 06/04/2012] [18:21 06/04/2012]
bvgulmwm.log --a---- 239 bytes [21:24 13/04/2012] [22:16 16/04/2012]
eoemwbgq.log --a---- 4048 bytes [21:30 13/04/2012] [21:30 13/04/2012]
FontCache3.0.0.0.dat --a---- 296384 bytes [19:47 08/01/2012] [23:49 09/03/2012]
lxkvoxxm.log --a---- 2633 bytes [21:30 13/04/2012] [21:30 13/04/2012]
nqbpxwcp.log --a---- 120364 bytes [21:30 13/04/2012] [21:30 13/04/2012]
rftfdgcn.log --a---- 3265 bytes [21:24 13/04/2012] [21:24 13/04/2012]
tpyfnrir.log --a---- 0 bytes [18:21 06/04/2012] [21:42 13/04/2012]
uimqgfvs.log --a---- 0 bytes [23:40 12/03/2012] [23:40 12/03/2012]
WPFFontCache_v0400-S-1-5-21-117609710-682003330-1801674531-1003-0.dat --a---- 256768 bytes [22:30 23/02/2012] [22:30 23/02/2012]
WPFFontCache_v0400-System.dat --a---- 123526 bytes [22:30 23/02/2012] [22:30 23/02/2012]
wwvngfkl.log --a---- 0 bytes [23:04 17/03/2012] [21:43 13/04/2012]
yfjruipv.log --a---- 24 bytes [13:32 11/03/2012] [22:23 16/04/2012]
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft d------ [18:39 03/05/2011]
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft\Credentials d---s-- [18:39 03/05/2011]
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft\Credentials\S-1-5-19 d---s-- [18:39 03/05/2011]
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft\Portable Devices d------ [10:27 15/05/2011]
wpdlog00.sqm --a---- 320 bytes [10:27 15/05/2011] [10:27 15/05/2011]
wpdlog01.sqm --a---- 290 bytes [21:19 23/02/2012] [21:19 23/02/2012]
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft\Windows d------ [18:39 03/05/2011]
UsrClass.dat --a---- 8192 bytes [18:39 03/05/2011] [21:12 23/02/2012]
UsrClass.dat.LOG --ah--- 1024 bytes [18:39 03/05/2011] [16:25 22/04/2012]
c:\documents and settings\LocalService\Local Settings\Application Data\pxrnjgxj d------ [21:23 13/04/2012]
C:\Documents and Settings\Derek\Bmnw4HwPl - Unable to find folder.
C:\Documents and Settings\Derek\Desktop\UjPrn7vu - Unable to find folder.
C:\Documents and Settings\Derek\Local Settings\Application Data\462siw7cfe - Unable to find folder.
C:\Documents and Settings\All Users\Application Data\462siw7cfe - Unable to find folder.
C:\4dccc7ee1d20cbdce7877a489daa - Parameters: "/sub"
---Files---
$shtdwn$.req --ah--- 788 bytes [23:10 28/09/2011] [23:10 28/09/2011]
mrt.exe._p --a---- 854561 bytes [09:47 16/09/2011] [09:47 16/09/2011]
mrtstub.exe --a---- 83912 bytes [09:38 16/09/2011] [09:38 16/09/2011]
No folders found.
C:\ae4857cf8a2db1e047a0b67fde094f - Parameters: "/sub"
---Files---
None found.
C:\ae4857cf8a2db1e047a0b67fde094f\amd64 d------ [19:56 03/05/2011]
filterpipelineprintproc.dll ------- 147456 bytes [19:56 03/05/2011] [12:06 06/07/2008]
msxpsdrv.cat ------- 10929 bytes [19:56 03/05/2011] [12:06 06/07/2008]
msxpsdrv.inf ------- 2204 bytes [19:56 03/05/2011] [05:33 19/06/2008]
msxpsinc.gpd ------- 73 bytes [10:03 19/06/2008] [10:03 19/06/2008]
msxpsinc.ppd ------- 72 bytes [19:56 03/05/2011] [05:33 19/06/2008]
mxdwdrv.dll ------- 748032 bytes [19:56 03/05/2011] [12:06 06/07/2008]
xpssvcs.dll ------- 2936832 bytes [16:36 06/07/2008] [16:36 06/07/2008]
C:\ae4857cf8a2db1e047a0b67fde094f\i386 d------ [19:56 03/05/2011]
filterpipelineprintproc.dll ------- 189952 bytes [19:56 03/05/2011] [12:06 06/07/2008]
msxpsdrv.cat ------- 10929 bytes [19:56 03/05/2011] [12:06 06/07/2008]
msxpsdrv.inf ------- 2204 bytes [19:56 03/05/2011] [05:33 19/06/2008]
msxpsinc.gpd ------- 73 bytes [19:56 03/05/2011] [10:03 19/06/2008]
msxpsinc.ppd ------- 72 bytes [19:56 03/05/2011] [05:33 19/06/2008]
mxdwdrv.dll ------- 866304 bytes [19:56 03/05/2011] [12:06 06/07/2008]
xpssvcs.dll ------- 1777152 bytes [19:56 03/05/2011] [12:06 06/07/2008]
========== file ==========
c:\windows\system32\drivers\MyBusinessWorks.sys - File found and opened.
MD5: B8E08BFCAB2BE31804CEA983D2094FAF
Created at 14:00 on 14/05/2011
Modified at 06:17 on 29/03/2011
Size: 54776 bytes
Attributes: --a----
FileDescription: Mozy Change Monitor Filter Driver
FileVersion: 2,4,0,0
ProductVersion: 2,4,0,0
OriginalFilename: mozy.sys
InternalName: mozy.sys
ProductName: Mozy
CompanyName: Mozy, Inc.
LegalCopyright: Copyright © 2005-2010 - Mozy, Inc.
c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe - File found and opened.
MD5: DD6550A84EA03C97DE5F0FB62D5EA80F
Created at 06:17 on 29/03/2011
Modified at 06:17 on 29/03/2011
Size: 3571520 bytes
Attributes: --a----
FileDescription: MozyPro Remote Backup Status Application
FileVersion: 2.4.3.0
ProductVersion: 2.4.0.0
InternalName: stat.exe
ProductName: MozyPro Remote Backup
CompanyName: MyBusinessWorks
LegalCopyright: Copyright © 2005-2008 - %1%ntest
C:\Documents and Settings\Derek\Bmnw4HwPl - File found and opened.
MD5: F0E3970EA616B1217D7663AB4878EAB7
Created at 21:29 on 13/04/2012
Modified at 21:29 on 13/04/2012
Size: 98224 bytes
Attributes: --ah---
No version information available.
C:\Documents and Settings\Derek\Desktop\UjPrn7vu - File found and opened.
MD5: F0E3970EA616B1217D7663AB4878EAB7
Created at 21:00 on 13/04/2012
Modified at 21:00 on 13/04/2012
Size: 98224 bytes
Attributes: --ah---
No version information available.
C:\Documents and Settings\Derek\Local Settings\Application Data\462siw7cfe - File found and opened.
MD5: F3E6467D8BB9138F88DDCA8DCFE9BC49
Created at 11:06 on 21/05/2011
Modified at 12:23 on 21/05/2011
Size: 11878 bytes
Attributes: --ahs--
No version information available.
C:\Documents and Settings\All Users\Application Data\462siw7cfe - File found and opened.
MD5: F3E6467D8BB9138F88DDCA8DCFE9BC49
Created at 11:06 on 21/05/2011
Modified at 12:23 on 21/05/2011
Size: 11878 bytes
Attributes: --ahs--
No version information available.
========== filefind ==========
Searching for "*462siw7cfe*"
C:\Documents and Settings\All Users\Application Data\462siw7cfe --ahs-- 11878 bytes [11:06 21/05/2011] [12:23 21/05/2011] F3E6467D8BB9138F88DDCA8DCFE9BC49
C:\Documents and Settings\Derek\Local Settings\Application Data\462siw7cfe --ahs-- 11878 bytes [11:06 21/05/2011] [12:23 21/05/2011] F3E6467D8BB9138F88DDCA8DCFE9BC49
C:\Documents and Settings\Derek\Templates\462siw7cfe --ahs-- 11878 bytes [11:06 21/05/2011] [12:23 21/05/2011] F3E6467D8BB9138F88DDCA8DCFE9BC49
Searching for "*UjPrn7vu*"
C:\Documents and Settings\Derek\Desktop\UjPrn7vu --ah--- 98224 bytes [21:00 13/04/2012] [21:00 13/04/2012] F0E3970EA616B1217D7663AB4878EAB7
Searching for "*Bmnw4HwPl*"
C:\Documents and Settings\Derek\Bmnw4HwPl --ah--- 98224 bytes [21:29 13/04/2012] [21:29 13/04/2012] F0E3970EA616B1217D7663AB4878EAB7
Searching for "*Micorsoft*"
C:\Qoobox\Quarantine\Registry_backups\Legacy_MICORSOFT_WINDOWS_SERVICE.reg.dat --a---- 1304 bytes [21:17 13/04/2012] [21:17 13/04/2012] 8E771BAB94713F4A4AA3DF67BD558386
C:\Qoobox\Quarantine\Registry_backups\Service_Micorsoft Windows Service.reg.dat --a---- 2888 bytes [21:17 13/04/2012] [21:17 13/04/2012] 8AA8196C8058931E1BEE253595CA9736
========== folderfind ==========
Searching for "*462siw7cfe*"
No folders found.
Searching for "*UjPrn7vu*"
No folders found.
Searching for "*Bmnw4HwPl*"
No folders found.
Searching for "*Micorsoft*"
No folders found.
========== regfind ==========
Searching for "Micorsoft"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000]
"Service"="Micorsoft Windows Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000]
"DeviceDesc"="Micorsoft Windows Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Micorsoft Windows Service]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Micorsoft Windows Service]
"DisplayName"="Micorsoft Windows Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000]
"Service"="Micorsoft Windows Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000]
"DeviceDesc"="Micorsoft Windows Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000\Control]
"ActiveService"="Micorsoft Windows Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Micorsoft Windows Service]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Micorsoft Windows Service]
"DisplayName"="Micorsoft Windows Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Micorsoft Windows Service\Enum]
"0"="Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Micorsoft Windows Service]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Micorsoft Windows Service]
"DisplayName"="Micorsoft Windows Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000]
"Service"="Micorsoft Windows Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000]
"DeviceDesc"="Micorsoft Windows Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000\Control]
"ActiveService"="Micorsoft Windows Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service]
"DisplayName"="Micorsoft Windows Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service\Enum]
"0"="Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000"
-= EOF =-


----------



## Kronos2401 (Mar 31, 2012)

Eddie, the first two are relatively straightforward; however, the RKUnhooker does not give me the option to 'run as administrator'. I'm guessing it's because I'm already the administrator. The parasite warning would return the moment I click 'ok', and keeps returning, but by the 4th time the main window opened. The rest of the actions were as instructed.

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB824D000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5763072 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0x9EFFF000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4894720 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0xBF1F2000 C:\WINDOWS\System32\igxpdx32.DLL 2732032 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1863680 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1863680 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF04E000 C:\WINDOWS\System32\igxpdv32.DLL 1720320 bytes (Intel Corporation, Component GHAL Driver)
0xB8032000 C:\WINDOWS\system32\DRIVERS\athw.sys 1589248 bytes (Atheros Communications, Inc., Driver for Atheros Wireless Network Adapter)
0x9A101000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 892928 bytes
0xB9E23000 iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xB9D0A000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0x9A1DB000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB7F20000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0x9A308000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0x99BB9000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF48D000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x994C6000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB7FF9000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 233472 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xB81B6000 C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 225280 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xB7F7E000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F53000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0x9A084000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9CDD000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0x99010000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0x9A24B000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 172032 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xB81ED000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0x9A2E0000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F81000 d347bus.sys 155648 bytes ( , PnP BIOS Extension)
0xB9EFD000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0x9A2BA000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0x9EFDB000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB8215000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB7FD6000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0x9A298000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x9A276000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9DD3000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F23000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0x9A3A7000 C:\WINDOWS\System32\Drivers\usbvideo.sys 122880 bytes (Microsoft Corporation, USB Video Class Driver)
0xB9CC3000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9E0B000 98304 bytes
0xB9DF3000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9DAA000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB7FBF000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9A01F000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB8239000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x9A361000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0x9A394000 C:\WINDOWS\system32\DRIVERS\MyBusinessWorks.sys 77824 bytes (Mozy, Inc., Mozy Change Monitor Filter Driver)
0xB9D97000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xB9DC1000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F42000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB7FAE000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0x9AE97000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA118000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB4724000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA128000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xBA268000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB4734000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA188000 C:\WINDOWS\system32\DRIVERS\wsimd.sys 61440 bytes (Atheros Communications, Inc., Wireless Intermediate Miniport Driver)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA318000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA138000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA178000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9B431000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA108000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA148000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB87EC000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA168000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0x9911B000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0x9B461000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA308000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA158000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0x9B441000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0x9B451000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x9A7AE000 C:\DOCUME~1\Derek\LOCALS~1\Temp\fshhtddm.sys 32768 bytes
0x9B39E000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB3499000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA428000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB34E9000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA440000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA430000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA438000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0x9B396000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xBA420000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x9B3AE000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x9B3A6000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA450000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA458000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBA448000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB3489000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB95EB000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xBA590000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xBA5A4000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x9A508000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0x9BE84000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x9BE80000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB95E3000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x9BE74000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x9B894000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xBA640000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AE000 d347prt.sys 8192 bytes ( , SCSI miniport)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA63E000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5F0000 C:\WINDOWS\system32\DRIVERS\FwLnk.sys 8192 bytes (TOSHIBA Corporation, TOSHIBA Firmware Linkage 32-bit Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA642000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA644000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5F4000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5F2000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA72E000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA689000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0x9AA40000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA671000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x89A9D1A8 unknown_irp_handler 3672 bytes
0x897FE1C0 unknown_irp_handler 3648 bytes
0x8996B1F8 unknown_irp_handler 3592 bytes
0x89B501F8 unknown_irp_handler 3592 bytes
0x8A5F8288 unknown_irp_handler 3448 bytes
0x899D02B0 unknown_irp_handler 3408 bytes
0x89A55978 unknown_irp_handler 1672 bytes
0x89A01B18 unknown_irp_handler 1256 bytes
0x897E8C10 unknown_irp_handler 1008 bytes
0x89A63CF0 unknown_irp_handler 784 bytes
==============================================
>Stealth
==============================================


----------



## eddie5659 (Mar 19, 2001)

Okay, the OTL log is incorrect, as that is a scan, not a remove. However, we'll leave that for now, and try and shift the actual files.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the quotebox below into it:



> File::
> c:\documents and settings\LocalService\Local Settings\Application Data\avqfnftv.log
> c:\documents and settings\LocalService\Local Settings\Application Data\bnxbxwgj.log
> c:\documents and settings\LocalService\Local Settings\Application Data\bvgulmwm.log
> ...


Save this as *CFScript.txt*, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

-----------------------------

Then, can you run a scan here:

Please go to *here* to run an online scanner from ESET.

- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Tick the box next to *YES, I accept the Terms of Use.*
- Click *Start*
- When asked, allow the ActiveX control to install
- Click *Start*
- Make sure that the option *Remove found threats* is *ticked*, and the option *Scan unwanted applications* is *checked*
- Click on *Advanced Settings* and ensure these options are ticked:
  - *Scan for potentially unwanted applications*
  - *Scan for potentially unsafe applications*
  - *Enable Anti-Stealth Technology*
- Click *Scan*
- Wait for the scan to finish
- If any threats were found, click the *'List of found threats'*, then click *Export to text file...*. Save it to your desktop, then please copy and paste that log as a reply to this topic.

On a side note, since the ESET scanner is a 32-bit application, if you're running a 64-bit system you have to choose the 32-bit option in IE when running the scan.

------------------

eddie


----------



## Kronos2401 (Mar 31, 2012)

ComboFix 12-04-24.02 - Derek 24/04/2012 20:15:11.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1569 [GMT 1:00]
Running from: c:\documents and settings\Derek\Desktop\username123.exe
Command switches used :: c:\documents and settings\Derek\Desktop\CFScript.txt
.
FILE ::
"c:\documents and settings\All Users\Application Data\462siw7cfe"
"c:\documents and settings\Derek\Bmnw4HwPl"
"c:\documents and settings\Derek\Desktop\UjPrn7vu"
"c:\documents and settings\Derek\Local Settings\Application Data\462siw7cfe"
"c:\documents and settings\Derek\Local Settings\Temp\fshhtddm.sys"
"c:\documents and settings\Derek\Templates\462siw7cfe"
"c:\documents and settings\LocalService\Local Settings\Application Data\avqfnftv.log"
"c:\documents and settings\LocalService\Local Settings\Application Data\bnxbxwgj.log"
"c:\documents and settings\LocalService\Local Settings\Application Data\bvgulmwm.log"
"c:\documents and settings\LocalService\Local Settings\Application Data\eoemwbgq.log"
"c:\documents and settings\LocalService\Local Settings\Application Data\lxkvoxxm.log"
"c:\documents and settings\LocalService\Local Settings\Application Data\nqbpxwcp.log"
"c:\documents and settings\LocalService\Local Settings\Application Data\rftfdgcn.log"
"c:\documents and settings\LocalService\Local Settings\Application Data\tpyfnrir.log"
"c:\documents and settings\LocalService\Local Settings\Application Data\uimqgfvs.log"
"c:\documents and settings\LocalService\Local Settings\Application Data\wwvngfkl.log"
"c:\documents and settings\LocalService\Local Settings\Application Data\yfjruipv.log"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\462siw7cfe
c:\documents and settings\Derek\Desktop\UjPrn7vu
c:\documents and settings\Derek\Local Settings\Application Data\462siw7cfe
c:\documents and settings\Derek\Local Settings\Application Data\avqfnftv.log
c:\documents and settings\Derek\Local Settings\Application Data\bvgulmwm.log
c:\documents and settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe
c:\documents and settings\Derek\Local Settings\Application Data\yfjruipv.log
c:\documents and settings\Derek\Templates\462siw7cfe
c:\documents and settings\LocalService\Local Settings\Application Data\bnxbxwgj.log
c:\documents and settings\LocalService\Local Settings\Application Data\pxrnjgxj
c:\documents and settings\LocalService\Local Settings\Application Data\tpyfnrir.log
c:\documents and settings\LocalService\Local Settings\Application Data\uimqgfvs.log
c:\documents and settings\LocalService\Local Settings\Application Data\wwvngfkl.log
c:\documents and settings\LocalService\Local Settings\Application Data\yfjruipv.log
.
.
((((((((((((((((((((((((( Files Created from 2012-03-24 to 2012-04-24 )))))))))))))))))))))))))))))))
.
.
2012-04-19 18:50 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-04-19 18:50 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2012-04-06 18:44 . 2012-04-06 18:44 -------- d-----w- c:\documents and settings\Derek\Application Data\SUPERAntiSpyware.com
2012-04-06 18:43 . 2012-04-08 14:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-06 18:43 . 2012-04-06 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-04-06 18:40 . 2012-04-08 14:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-06 18:40 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 21:21 . 2012-04-19 19:44 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 19:44 . 2012-01-24 16:50 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-18 11:39 . 2012-03-18 11:39 388096 ----a-r- c:\documents and settings\Derek\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-01 11:01 . 2008-04-14 05:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-01 11:01 . 2008-04-14 05:42 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-14 05:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 14:10 . 2008-04-14 05:42 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-14 05:41 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-14 00:07 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2008-04-14 01:00 1860096 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-05-02 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-04-24_19.07.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-24 19:20 . 2012-04-24 19:20 16384 c:\windows\Temp\Perflib_Perfdata_2f4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MyBusinessWorks]
@="{7e9e0c26-7e0a-12f7-a876-e1678917ad8d}"
[HKEY_CLASSES_ROOT\CLSID\{7e9e0c26-7e0a-12f7-a876-e1678917ad8d}]
2011-03-29 06:17 3424064 ----a-w- c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MyBusinessWorks2]
@="{5d606e62-8440-1151-0d25-e99829da7470}"
[HKEY_CLASSES_ROOT\CLSID\{5d606e62-8440-1151-0d25-e99829da7470}]
2011-03-29 06:17 3424064 ----a-w- c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MyBusinessWorks3]
@="{e19471c0-bfb1-d9a0-9377-161e1a848d0e}"
[HKEY_CLASSES_ROOT\CLSID\{e19471c0-bfb1-d9a0-9377-161e1a848d0e}]
2011-03-29 06:17 3424064 ----a-w- c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XejAtgha"="c:\documents and settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACU"="c:\program files\Atheros\ACU.exe" [2009-03-06 479320]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2008-03-04 360448]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MozyPro Status.lnk - c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe [2011-3-29 3571520]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\documents and settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 18:43 69632 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 05:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 16:05 184320 ----a-w- c:\program files\Daemon Virtual Drive\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-05 11:34 162328 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-03-25 20:27 147456 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-05 11:34 141848 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 00:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-05 11:34 137752 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 524288 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-01-29 15:47 16859648 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management 
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [07/05/2011 13:38 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [07/05/2011 13:38 5248]
R1 MyBusinessWorksFilter;MyBusinessWorksFilter;c:\windows\system32\drivers\MyBusinessWorks.sys [14/05/2011 15:00 54776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
R2 MyBusinessWorksbackup;MozyPro Backup Service;c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe [29/03/2011 07:17 46912]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [03/05/2011 22:42 5888]
R4 Micorsoft Windows Service;Micorsoft Windows Service;\??\c:\docume~1\Derek\LOCALS~1\Temp\fshhtddm.sys --> c:\docume~1\Derek\LOCALS~1\Temp\fshhtddm.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/05/2011 14:01 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [31/03/2012 22:21 253088]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15/05/2011 14:01 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14/04/2008 06:42 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MICORSOFT_WINDOWS_SERVICE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:44]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-15 13:01]
.
2012-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-15 13:01]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/logi...ap2e6CwWSb86QVdqk-&.done=http://uk.yahoo.com/
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-24 20:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
.
c:\documents and settings\Derek\Start Menu\Programs\Startup\xejatgha.exe 98224 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1744)
c:\windows\system32\WININET.dll
c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksshell.dll
c:\program files\MozyPro (Corporate Edition)\LIBEAY32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\System32\vssvc.exe
.
**************************************************************************
.
Completion time: 2012-04-24 20:24:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-24 19:24
ComboFix2.txt 2012-04-13 21:27
.
Pre-Run: 29,407,125,504 bytes free
Post-Run: 29,387,689,984 bytes free
.
- - End Of File - - A0C02C3587B407EA598AE47AB08BFD3A


----------



## Kronos2401 (Mar 31, 2012)

Eddie, I have not selected "uninstall application on close" or "delete quarantined files". Looking at this ESET scan, should I be worried? 1576 threats found, all from this ramnit virus. 

********************************

C:\ae4857cf8a2db1e047a0b67fde094f\i386\filterpipelineprintproc.dll Win32/Ramnit.R virus cleaned - quarantined
C:\ae4857cf8a2db1e047a0b67fde094f\i386\mxdwdrv.dll Win32/Ramnit.R virus cleaned - quarantined
C:\ae4857cf8a2db1e047a0b67fde094f\i386\xpssvcs.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\All Users\Application Data\HP\LGT\Data\EvidenceCollectors\EvidenceCollector.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\All Users\Application Data\HP\LGT\Data\EvidenceCollectors\GeneralEvidenceCollector.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\All Users\Application Data\HP\LGT\Data\EvidenceCollectors\ProductEventEvidenceCollector.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Documents and Settings\Derek\Desktop\mplayerc.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\DELDIR0.EXE Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\QTInstallerHelper.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\SrcWMA.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\PGP13a16\Disk1\Setup.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\PGP13a16\Disk1\_ISDel.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\PGP13a16\Disk1\_Setup.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\PGP17291\Disk1\Setup.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\PGP17291\Disk1\_ISDel.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\PGP17291\Disk1\_Setup.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\_ISTMP1.DIR\ZDataI51.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\_ISTMP1.DIR\_WUTL951.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\_ISTMP2.DIR\ZDataI51.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\_ISTMP2.DIR\_WUTL951.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\_ISTMP3.DIR\ZDataI51.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Documents and Settings\default\Local Settings\Temp\_ISTMP3.DIR\_WUTL951.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\binkw32.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\CreatureUpload.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\drvmgt.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\e.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\IFC22.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\lhlogr.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\QMixer.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\Setup.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\wearasr.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\ereg\Black and White_Code.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\ereg\Black and White_eReg.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\ereg\Black and White_EZ.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\ereg\Black and White_uninst.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\ereg\go_ez.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\Plug Ins\LanguageR.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\F\Program Files\Black & White\Plug Ins\ScriptLibraryR.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Documents and Settings\Derek\Desktop\VIRUS\UjPrn7vu a variant of Win32/Kryptik.ACQV trojan cleaned by deleting - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Esl\AiodLite.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\ACE.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\Acrofx32.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Internet Explorer\Plugins\npqtplugin6.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Internet Explorer\Plugins\npqtplugin7.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\psvince.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\ffdshow\ffmpeg.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_kernelDeint.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_liba52.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_libdts.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_libfaad2.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_libmad.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_samplerate.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\ffdshow\ff_wmv9.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\ffdshow\FLT_ffdshow.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\ffdshow\libmpeg2_ff.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\ffdshow\TomsMoComp_ff.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\ac3config.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\GenDMOProp.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\libFLAC.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\MpegVideo.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\OptimFROG.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\vsfilter.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\Haali\avi.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\Haali\avs.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\Haali\avss.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\Haali\dxr.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\Haali\gdsmux.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkx.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkzlib.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\Haali\mp4.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\Haali\ogm.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\Haali\ts.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Filters\LAV\libbluray.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\K-Lite Codec Pack\Tools\graphstudio.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\ltmoh\mohapi.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office\CSS.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office\HLP95EN.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office\MDHELPER.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office\MSO97FX.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office\MSQRY32.EXE Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office\REFEDIT.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office\SELFREG.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office\SETLANG.EXE Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office\XLQPW.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office\1033\SCHDMAPI.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office\Library\Msquery\XLODBC32.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office\Library\Solver\SOLVER32.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Microsoft Visual Studio\Common\IDE\IDE98\MSE\1033\CSOF.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Microsoft Visual Studio\Common\IDE\IDE98\MSE\1033\HHSETUP.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\MozyPro (Corporate Edition)\msvcm90.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\MSN\MSNCoreFiles\OOBE\obelog.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\MSN\MSNCoreFiles\OOBE\obemetal.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\MSN\MSNCoreFiles\OOBE\obepopc.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\MSN\MsnInstaller\iasvcstb.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\MSN\MsnInstaller\msdbxi.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\MSN\MsnInstaller\msninst.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\MSN\MsnInstaller\msnsign.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\atl71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\AudioPluginMgr.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\BCGCBPRO730.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\CDCopy.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\cdr50s.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\CDROM.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\DVDREALLOC.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\em2v.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\GENCUSH.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\Generatr.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\GenFAT.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\geniso.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\GenPCHy.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\GenUDF.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\image.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\ImageGen.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\ISOFS.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\MFC71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\mfc71u.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\MMC.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\NeEm2a.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\NeHDBlkAccess.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\nero.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\NeroAPI.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\NeroCmd.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\NeroCOM.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\neroDB.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\NeroErr.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\NeroMediaCon.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\NeroNET.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\neroscsi.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\NeVCDEngine.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\newtrf.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\TMPVImporter.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\UDFImporter.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\VCDMenu.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\VMpegEnc.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Core\VMPEGEncNDX.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\atl71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\BackItUp.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\LBFC.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\mfc71u.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NB.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBFtp.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBHDMgr.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBSFtp.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBVS.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBVSS_03.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBVSS_xp.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\atl71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\CDCopy.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\cdr50s.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\CDROM.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\FATImporter.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\geniso.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\image.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\isofs.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\MFC71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\MMC.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\NeroAPI.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\NeroErr.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\neroscsi.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\newtrf.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero CoverDesigner\atl71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverDes.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero CoverDesigner\MFC71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero CoverDesigner\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero CoverDesigner\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Fast CD-Burning Plug-in\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Fast CD-Burning Plug-in\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Fast CD-Burning Plug-in\NeroBurnPlugin.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Fast CD-Burning Plug-in\WMPBurn.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Home\mfc71u.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Home\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Home\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Home\NeroMediaBrowserCore.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Home\NeroMediaBrowserCorePlugins.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Home\NMUIEngine.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Home\NMUIGDIPlus.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero ImageDrive\atl71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero ImageDrive\idriveinst.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero ImageDrive\ImageDrive.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero ImageDrive\imagedrv.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero ImageDrive\MFC71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero ImageDrive\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero ImageDrive\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero MediaHome\atl71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero MediaHome\mfc71u.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero MediaHome\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero MediaHome\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero MediaHome\NMSIndexService.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero MediaHome\NMSMediaServer.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero MediaHome\NMSTranscoder.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\atl71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\BasicFilters.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\FImgPlg.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\FreeImage.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\InstanceMgr.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\MFC71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\NSPluginMgr.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoEffects.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoEffectsLib.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnap.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\XImgPlg.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Recode\atl71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Recode\HDDImporter.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Recode\MFC71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Recode\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Recode\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Recode\ndvddisc.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Recode\NeroFSStandalone.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Recode\TMPVImporter.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Recode\UDFImporter.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero ShowTime\atl71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero ShowTime\DriveSpeed.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero ShowTime\MFC71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero ShowTime\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero ShowTime\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero ShowTime\NMSUPnPIndexService.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero SoundTrax\atl71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero SoundTrax\MFC71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero SoundTrax\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero SoundTrax\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero SoundTrax\SoundTrax.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero StartSmart\atl71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero StartSmart\MFC71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero StartSmart\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero StartSmart\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Toolkit\CDSpeed.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Toolkit\DriveSpeed.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Toolkit\InfoTool.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Toolkit\MFC71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Toolkit\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Toolkit\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRightsHelp.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\AMCDocBase.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\AMCDOM.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\AMCLib.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\AMCUIBase.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\atl71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\DVDBlockAcc.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\DVDDoc.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\DVDEngine.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\DVDUI.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\em2v.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\ExpressDoc.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\ExpressUI.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\GCCore.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\GCFX.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\GCHWCfg.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\GCLib.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\GDIPainter.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\HDCC.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\HTMLGallery.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\MMTools.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\NeAcEnc.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\NeAnalyzer.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\NeEm2a.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\NeMediaOut.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\NeroMediaCon.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\NeroVisionAPI.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\NeVcr.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\NeVideoFXW.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\NVDV.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\NVECommonFX.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\VCDDoc.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\VCDEngine.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero Vision\VCDUI.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero WaveEditor\atl71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero WaveEditor\AudioEffectLibrary.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero WaveEditor\Controls.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero WaveEditor\DXBridge.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero WaveEditor\DXEnum.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero WaveEditor\MFC71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero WaveEditor\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero WaveEditor\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero WaveEditor\VSTBridge.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero WaveEditor\waveedit.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\Nero\Nero 7\Nero WaveEditor\waveedit.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\PurePlay\Poker\ANISPRI.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\PurePlay\Poker\libeay32.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\PurePlay\Poker\libpng.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\PurePlay\Poker\PurePlayPoker.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\PurePlay\Poker\ssleay32.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\PurePlay\Poker\TNObjMgr.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\PurePlay\Poker\TNSock.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\PurePlay\Poker\TNUtil.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\PurePlay\Poker\TNXml.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\QuickTime\PictureViewer.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\QuickTime\QTTask.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\QuickTime\PictureViewer.Resources\PictureViewer.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\QuickTime\PictureViewer.Resources\en.lproj\PictureViewerLocalized.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\QuickTime\Plugins\npqtplugin.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\QuickTime\Plugins\npqtplugin2.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\QuickTime\Plugins\npqtplugin3.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\QuickTime\Plugins\npqtplugin4.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\QuickTime\Plugins\npqtplugin5.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\QuickTime\Plugins\npqtplugin6.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\QuickTime\Plugins\npqtplugin7.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\QuickTime\QTSystem\ExportControllerPS.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\QuickTime\QTSystem\QTCF.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\QuickTime\QTSystem\QTJNative.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\QuickTime\QTSystem\QTMLClient.dll Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\QuickTime\QTSystem\QuickTimeUpdateHelper.exe Win32/Ramnit.R virus cleaned - quarantined
C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\QuickTime.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\en.lproj\QuickTimeAudioSupportLocalized.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148597.DLL a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148598.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148599.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148600.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148601.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148602.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148603.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148604.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148605.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148606.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148607.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148608.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148609.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148610.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148611.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148612.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148613.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148614.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148615.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148616.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148617.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148618.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148619.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148620.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148621.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148622.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148623.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148624.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148625.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148626.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148627.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148628.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148629.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148630.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148631.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148632.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148633.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148634.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148635.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148636.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148637.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148638.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148639.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148640.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148641.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148642.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148643.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148644.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148645.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148646.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148647.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148648.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148649.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148650.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148651.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148652.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148653.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148654.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148655.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148656.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148657.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148658.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148659.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148660.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148661.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148662.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148663.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148664.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148665.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148666.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148667.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148668.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148669.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148670.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148671.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148672.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148673.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148674.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148675.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148676.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148677.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148678.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148679.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148680.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148681.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148682.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148683.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148684.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148685.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148686.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148687.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148688.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148689.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148690.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148691.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148692.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148693.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148694.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148695.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148696.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148697.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148698.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148699.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148700.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148701.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148702.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148703.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148704.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148705.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148706.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148707.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148708.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148709.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148710.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148711.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148712.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148713.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148714.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148715.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148716.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148717.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148718.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148719.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148720.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148721.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148722.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148723.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148724.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148725.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148726.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148727.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148728.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148729.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148730.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148731.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148732.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148733.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148734.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148735.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148736.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148737.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148738.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148739.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148740.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148741.DLL Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148742.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148743.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148744.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148745.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148746.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148747.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148748.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148749.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148750.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148751.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148752.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148753.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148754.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148755.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148756.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148757.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148758.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148759.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148760.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148761.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148762.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148763.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148764.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148765.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148766.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148767.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148768.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148769.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148770.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148771.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148772.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148773.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148774.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148775.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148776.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148777.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148778.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148779.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148780.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148781.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148782.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148783.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148784.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148785.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148786.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148787.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148788.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148789.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148790.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148791.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148792.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148793.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148794.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148795.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0148796.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149059.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149060.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149061.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149062.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149063.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149064.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149065.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149066.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149067.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149068.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149069.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149070.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149071.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149072.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149073.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149074.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149075.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149076.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149077.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149078.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149079.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149080.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149081.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149082.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149083.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149084.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149085.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149086.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149087.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149088.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149089.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149090.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149091.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149092.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149093.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149094.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149095.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149096.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149097.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149098.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149099.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149100.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149101.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149102.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149103.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149104.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149105.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149106.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149107.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149108.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149109.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149110.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149111.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149112.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149113.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149114.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149115.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149116.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149117.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149118.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149119.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149120.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149121.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149122.dll Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149123.exe Win32/Ramnit.R virus cleaned - quarantined
C:\System Volume Information\_restore{8C2E7C10-FA92-4051-8C16-92F9A06EAEA4}\RP133\A0149124.exe Win32/Ramnit.R virus cleaned - quarantined
C:\WINDOWS\ie8updates\KB2675157-IE8\iedvtool.dll Win32/Ramnit.R virus cleaned - quarantined
C:\WINDOWS\ie8updates\KB2675157-IE8\ieproxy.dll Win32/Ramnit.R virus cleaned - quarantined
C:\WINDOWS\ie8updates\KB2675157-IE8\xpshims.dll Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\DELDIR0.EXE Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\QTInstallerHelper.dll Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\SrcWMA.dll Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\PGP13a16\Disk1\Setup.exe Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\PGP13a16\Disk1\_ISDel.exe Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\PGP13a16\Disk1\_Setup.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\PGP17291\Disk1\Setup.exe Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\PGP17291\Disk1\_ISDel.exe Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\PGP17291\Disk1\_Setup.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\_ISTMP1.DIR\ZDataI51.dll Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\_ISTMP1.DIR\_WUTL951.DLL Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\_ISTMP2.DIR\ZDataI51.dll Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\_ISTMP2.DIR\_WUTL951.DLL Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\_ISTMP3.DIR\ZDataI51.dll Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Documents and Settings\default\Local Settings\Temp\_ISTMP3.DIR\_WUTL951.DLL Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\binkw32.dll Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\CreatureUpload.exe a variant of Win32/Ramnit.T virus deleted - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\drvmgt.dll Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\e.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\IFC22.dll Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\lhlogr.dll Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\QMixer.dll Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\Setup.exe Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\wearasr.dll Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\ereg\Black and White_Code.exe Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\ereg\Black and White_eReg.exe Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\ereg\Black and White_EZ.exe Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\ereg\Black and White_uninst.exe Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\ereg\go_ez.exe Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\Plug Ins\LanguageR.dll Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\F\Program Files\Black & White\Plug Ins\ScriptLibraryR.dll Win32/Ramnit.R virus cleaned - quarantined
D:\My Old Documents\Desktop\Toshiba Downloads\pro-ncs-20080416140552\iProData\iconvrtr.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\Conexant Modem Driver\MdmXSdk.dll Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\Conexant Modem Driver\UCI32M25.dll Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\Conexant Modem Driver\UIU32m.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\Conexant Modem Driver\xaudio.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\ARB\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\CHS\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\CHT\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\CSY\Aboutn.dll Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\DAN\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\DEU\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\ELL\Aboutn.dll Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\ENU\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\ESP\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\FIN\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\FRA\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\HEB\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\HRV\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\HUN\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\ITA\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\JPN\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\KOR\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\NLD\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\NOR\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\PLK\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\PTB\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\PTG\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\ROM\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\RUS\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\SKY\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\SLV\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\SVE\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\THA\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\Conexant Modem MOH\Language\TRK\Aboutn.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\DRIVER\drivers\UMDF\wpdmtpdr.dll Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\drivers\UMDF\wpdmtpdr.dll Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\Motorola Modem Driver\si32.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\Motorola Modem Driver\VISTAXP2K\x86\sm56.dll Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\Motorola Modem Driver\VISTAXP2K\x86\sm56co76.dll Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\Motorola Modem Driver\VISTAXP2K\x86\sm56hlpr.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\RegionSelectConexant\cselect.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\RegionSelectConexant\CSELLANG.DLL Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\RegionSelectConexant\TOSMREG.EXE Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\RegionSelectMotorola\cselect.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\RegionSelectMotorola\CSELLANG.DLL Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\RegionSelectMotorola\TOSMREG.EXE Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\SWHelper\SWHelper.exe a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\TOSHIBA Software Modem\agrscoin.dll Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\TOSHIBA Software Modem\agrsmsvc.exe a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\TOSHIBA Software Modem\agsetup1.dll Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\TOSHIBA Software Modem\agsetup2.dll Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\TOSHIBA Software Modem\CSELECT.EXE Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\TOSHIBA Software Modem\CSELLANG.DLL Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\TOSHIBA Software Modem\mohapi.dll Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\TOSHIBA Software Modem\TOSMREG.EXE Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\TRSDriver\SPSInstall32.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\WLAN\HideWin.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\WLAN\Atheros\AthInst.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\WLAN\Intel\IMDGInst.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Drivers\WLAN\Intel\NETw4c32.dll a variant of Win32/Ramnit.T virus deleted - quarantined
D:\Toshiba\Drivers\WLAN\Intel\Utility\iProData\iconvrtr.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Info\TRebootRequest.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Info\TSetRes.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Info\MDA\chklogo6.exe Win32/Ramnit.R virus cleaned - quarantined
D:\Toshiba\Updates\TCallUPD.exe Win32/Ramnit.R virus cleaned - quarantined
Operating memory a variant of Win32/Ramnit.L virus


----------



## eddie5659 (Mar 19, 2001)

The main problem with a Ramnit infection is that it infects many files and changes them to its file structure. Many times it's easier to format, as this is the safest way to ensure it's all clean.

There's not many threads out there where I or anyone else suggests formatting, but Ramnit is one, I'm afraid 

So, if you want to carry on, can you try the following:

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Derek\LOCALS~1\Temp\pgtdapod.sys -- (pgtdapod)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Running] -- C:\DOCUME~1\Derek\LOCALS~1\Temp\fshhtddm.sys -- (Micorsoft Windows Service)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\username123\catchme.sys -- (catchme)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O4 - HKCU..\Run: [XejAtgha] C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe -update activex File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe) - C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe File not found
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
:Files
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

Then, if you can post a fresh OTL log as well, that would be great 

I'm away for two weeks from tonight, but I'm letting others know so someone else will reply whilst I'm away.

eddie
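A triage pass over OTL lines like the ones in the fix script above, as an added example that is not part of the original post or of OTL itself. It flags autostart targets in Temp or Application Data, drivers reported running with no file on disk, and a Winlogon UserInit value that does not end in `system32\userinit.exe`; the rule set and function names are assumptions, and a hit is a lead for review, since scanning tools can also load drivers from Temp.

```python
import re

# Lines copied from the OTL listing in this thread: entries from the fix
# script plus one healthy service line from the same machine for contrast.
SAMPLE = r"""
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Derek\LOCALS~1\Temp\pgtdapod.sys -- (pgtdapod)
DRV - File not found [Kernel | Disabled | Running] -- C:\DOCUME~1\Derek\LOCALS~1\Temp\fshhtddm.sys -- (Micorsoft Windows Service)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
O4 - HKCU..\Run: [XejAtgha] C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe -update activex File not found
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe) - C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe File not found
""".strip().splitlines()

# DRV/SRV line: kind, file detail, [flags], image path (may be empty), (name)
SVC_RE = re.compile(
    r"^(DRV|SRV) - (File not found|\[.*?\] \(.*?\)) \[([^\]]*)\] -- (.*?) ?-- \((.*)\)\s*$"
)
# O4 autostart line: hive, Run/RunOnce key, [value name], command line
RUN_RE = re.compile(r"^O4 - (HK\w+)\.\.\\(Run\w*): \[(.*?)\] (.*)$")
# O20 Winlogon UserInit line: the configured value sits in the parentheses
USERINIT_RE = re.compile(r"^O20 - HKLM Winlogon: UserInit - \((.*?)\) - ", re.I)

# Directories any user-level process can write to (assumed rule, XP-era paths)
USER_WRITABLE = re.compile(r"\\(temp|application data)\\", re.I)
WRITABLE_REASON = "target under Temp or Application Data"


def triage(lines):
    """Return [(entry_name, [reasons])] for OTL lines that deserve review."""
    findings = []
    for raw in lines:
        line = raw.strip()
        reasons = []
        name = None

        m = SVC_RE.match(line)
        if m:
            _kind, detail, flags, path, name = m.groups()
            state = flags.split("|")[-1].strip()
            if USER_WRITABLE.search(path):
                reasons.append(WRITABLE_REASON)
            # A driver or service that is loaded while its image is absent
            # from disk cannot be inspected or scanned after the fact.
            if detail == "File not found" and state == "Running":
                reasons.append("reported running but file missing on disk")
        elif (m := RUN_RE.match(line)):
            name = m.group(3)
            command = re.sub(r"\s*File not found$", "", m.group(4))
            if USER_WRITABLE.search(command):
                reasons.append(WRITABLE_REASON)
        elif (m := USERINIT_RE.match(line)):
            name = "UserInit"
            value = m.group(1).rstrip(",").lower()
            # The stock XP value is C:\WINDOWS\system32\userinit.exe,
            if not value.endswith(r"\system32\userinit.exe"):
                reasons.append("UserInit does not point at system32\\userinit.exe")
            if USER_WRITABLE.search(value):
                reasons.append(WRITABLE_REASON)

        if reasons:
            findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE):
        print(f"{entry}: {'; '.join(why)}")
```
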


----------



## eddie5659 (Mar 19, 2001)

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop ( it will be randomly named )

*First we will run a virus scan*
On the first tab select all elements down to *Computer* and then select start scan
Once it has finished select report and post that.

Select all drivers connected in your computer:

_Do not close AVPTool or it will self uninstall, if it does uninstall - - then just rerun the setup file on your desktop_

*Now an analysis scan*
Select the *Manual Disinfection* tab
Press the *Gather System Information* button
Once done Open the *last report saved* folder then attach the zip file to your next post zip
The file is located at C:\Users\_your name_\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip


----------



## Kronos2401 (Mar 31, 2012)

OTL logfile created on: 30/04/2012 23:27:21 - Run 3
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Derek\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.34% Memory free
3.83 Gb Paging File | 3.40 Gb Available in Paging File | 88.66% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.74 Gb Total Space | 32.06 Gb Free Space | 57.52% Space Free | Partition Type: NTFS
Drive D: | 54.58 Gb Total Space | 15.23 Gb Free Space | 27.89% Space Free | Partition Type: NTFS

Computer Name: EQUIUM | User Name: Derek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/19 19:55:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/03/29 07:17:18 | 003,571,520 | ---- | M] (MyBusinessWorks) -- C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe
PRC - [2011/03/29 07:17:16 | 000,046,912 | ---- | M] (MyBusinessWorks) -- C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe
PRC - [2009/03/06 03:26:38 | 000,479,320 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\Atheros\ACU.exe
PRC - [2009/03/06 03:26:06 | 000,495,700 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 12:12:04 | 000,360,448 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
PRC - [2007/04/10 08:45:20 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/04/19 20:44:15 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/03/29 07:17:16 | 000,046,912 | ---- | M] (MyBusinessWorks) [Auto | Running] -- C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe -- (MyBusinessWorksbackup)
SRV - [2009/03/06 03:26:06 | 000,495,700 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2007/04/10 08:45:20 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Derek\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\username123\catchme.sys -- (catchme)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/29 07:17:10 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MyBusinessWorks.sys -- (MyBusinessWorksFilter)
DRV - [2010/07/06 03:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/09/30 15:17:02 | 001,585,728 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/16 23:19:44 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2008/01/30 12:28:36 | 004,725,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/04 08:56:48 | 000,005,888 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/logi...ap2e6CwWSb86QVdqk-&.done=http://uk.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {90ECF758-E3C9-4D90-BC65-35A90D480B03}
IE - HKCU\..\SearchScopes\{4ADF8512-94DF-4582-A60D-6D2D0D0A6574}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{90ECF758-E3C9-4D90-BC65-35A90D480B03}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/05/04 23:10:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/05/04 23:10:01 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/04/30 23:22:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKCU..\Run: [XejAtgha] C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyPro Status.lnk = C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe (MyBusinessWorks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C27D94A-9E3D-4F0F-9232-EB531D577190}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECA2E087-C26F-4614-89F4-A5E9B371EE46}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/03 19:35:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[CREATERESTOREPOINT] 
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/24 20:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/24 19:58:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/24 19:58:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/24 19:58:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/24 19:58:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/24 19:52:18 | 004,479,582 | R--- | C] (Swearware) -- C:\Documents and Settings\Derek\Desktop\username123.exe
[2012/04/19 19:55:24 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
[2012/04/19 19:50:35 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012/04/19 19:50:35 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012/04/13 22:14:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/13 22:09:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/13 21:59:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/07 10:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012/04/06 19:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Application Data\SUPERAntiSpyware.com
[2012/04/06 19:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/04/06 19:43:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/04/06 19:43:23 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/06 19:40:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/06 19:40:45 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/06 19:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/06 16:56:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/30 23:24:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/30 23:22:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/30 23:22:16 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/30 23:22:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/30 23:06:11 | 004,479,582 | R--- | M] (Swearware) -- C:\Documents and Settings\Derek\Desktop\username123.exe
[2012/04/29 17:44:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/29 17:31:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/22 17:28:10 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\RKUnhookerLE.EXE
[2012/04/22 17:27:43 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\SystemLook.exe
[2012/04/22 17:23:15 | 000,115,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/19 22:08:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/19 22:07:05 | 000,502,826 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/19 22:07:05 | 000,087,126 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/19 22:01:44 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012/04/19 20:44:15 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/19 20:44:15 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/19 19:55:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
[2012/04/13 22:14:14 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/04/13 22:08:27 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/04/09 20:56:21 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\HiJackThis.lnk
[2012/04/08 15:19:22 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/06 19:38:14 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/24 19:58:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/24 19:58:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/24 19:58:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/24 19:58:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/24 19:58:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/22 17:28:09 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\RKUnhookerLE.EXE
[2012/04/22 17:27:42 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\SystemLook.exe
[2012/04/19 22:01:44 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/04/13 22:14:14 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/04/13 22:14:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/09 20:56:18 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\HiJackThis.lnk
[2012/04/06 20:07:08 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/04/06 19:40:46 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/23 23:30:43 | 000,256,768 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-117609710-682003330-1801674531-1003-0.dat
[2012/02/23 23:30:43 | 000,123,526 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/15 22:57:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/08 20:47:21 | 000,296,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/25 23:01:36 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/07/25 23:01:35 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/07/25 23:01:35 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/07/25 23:01:35 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2011/07/25 23:01:34 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/05/08 16:10:34 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/07 15:24:05 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/05/07 13:38:31 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2011/05/07 13:38:31 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2011/05/07 12:21:55 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2011/05/07 12:21:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2011/05/07 12:21:55 | 000,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2011/05/07 12:21:55 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2011/05/07 12:18:00 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Derek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/07 12:08:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/05/07 12:08:02 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2011/05/04 23:02:37 | 000,165,571 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2011/05/04 23:02:37 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2011/05/03 22:49:00 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2011/05/03 22:42:55 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2011/05/03 22:42:55 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[2011/05/03 22:35:53 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2011/05/03 20:25:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/03 20:24:21 | 000,115,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/03 20:11:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/05/03 20:06:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4833.dll
[2011/05/03 20:06:02 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2011/05/03 19:38:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/03 19:32:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== Custom Scans ==========

< :OTL >

< SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) >

< DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) >

< DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom) >

< DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Derek\LOCALS~1\Temp\pgtdapod.sys -- (pgtdapod) >

< DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) >

< DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) >

< DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) >

< DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) >

< DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) >

< DRV - File not found [Kernel | Disabled | Running] -- C:\DOCUME~1\Derek\LOCALS~1\Temp\fshhtddm.sys -- (Micorsoft Windows Service) >

< DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) >

< DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm) >

< DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass) >

< DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs) >

< DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) >

< DRV - File not found [Kernel | System | Stopped] -- -- (Changer) >

< DRV - File not found [Kernel | On_Demand | Stopped] -- C:\username123\catchme.sys -- (catchme) >

< FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found >
Invalid Switch: iTunes,version=: File not found

< O4 - HKCU..\Run: [XejAtgha] C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe File not found >

< O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe -update activex File not found >

< O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present >

< O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present >

< O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found >

< O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found >

< O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) >
Invalid Switch: gp.cab (Reg Error: Key error.)

< O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe) - C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe File not found >

< [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] >

< [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] >

< :Files >

< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

< :Commands >

< [purity] >

< [resethosts] >

< [emptytemp] >

< [emptyjava] >

< [EMPTYFLASH] >

< [Reboot] >
< End of report >


----------



## Kronos2401 (Mar 31, 2012)

This one is without your OTL code.

==============

OTL logfile created on: 30/04/2012 23:52:10 - Run 4
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Derek\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 69.13% Memory free
3.83 Gb Paging File | 3.32 Gb Available in Paging File | 86.73% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.74 Gb Total Space | 31.91 Gb Free Space | 57.25% Space Free | Partition Type: NTFS
Drive D: | 54.58 Gb Total Space | 15.23 Gb Free Space | 27.89% Space Free | Partition Type: NTFS

Computer Name: EQUIUM | User Name: Derek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/19 19:55:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/03/29 07:17:18 | 003,571,520 | ---- | M] (MyBusinessWorks) -- C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe
PRC - [2011/03/29 07:17:16 | 000,046,912 | ---- | M] (MyBusinessWorks) -- C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe
PRC - [2009/03/06 03:26:38 | 000,479,320 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\Atheros\ACU.exe
PRC - [2009/03/06 03:26:06 | 000,495,700 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 12:12:04 | 000,360,448 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
PRC - [2007/04/10 08:45:20 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/04/19 20:44:15 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/03/29 07:17:16 | 000,046,912 | ---- | M] (MyBusinessWorks) [Auto | Running] -- C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe -- (MyBusinessWorksbackup)
SRV - [2009/03/06 03:26:06 | 000,495,700 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2007/04/10 08:45:20 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Derek\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\username123\catchme.sys -- (catchme)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/29 07:17:10 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MyBusinessWorks.sys -- (MyBusinessWorksFilter)
DRV - [2010/07/06 03:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/09/30 15:17:02 | 001,585,728 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/16 23:19:44 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2008/01/30 12:28:36 | 004,725,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/04 08:56:48 | 000,005,888 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/logi...ap2e6CwWSb86QVdqk-&.done=http://uk.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {90ECF758-E3C9-4D90-BC65-35A90D480B03}
IE - HKCU\..\SearchScopes\{4ADF8512-94DF-4582-A60D-6D2D0D0A6574}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{90ECF758-E3C9-4D90-BC65-35A90D480B03}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/05/04 23:10:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/05/04 23:10:01 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/04/30 23:22:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKCU..\Run: [XejAtgha] C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyPro Status.lnk = C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe (MyBusinessWorks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C27D94A-9E3D-4F0F-9232-EB531D577190}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECA2E087-C26F-4614-89F4-A5E9B371EE46}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/03 19:35:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/24 20:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/24 19:58:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/24 19:58:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/24 19:58:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/24 19:58:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/24 19:52:18 | 004,479,582 | R--- | C] (Swearware) -- C:\Documents and Settings\Derek\Desktop\username123.exe
[2012/04/19 19:55:24 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
[2012/04/19 19:50:35 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012/04/19 19:50:35 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012/04/13 22:14:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/13 22:09:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/13 21:59:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/07 10:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012/04/06 19:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Application Data\SUPERAntiSpyware.com
[2012/04/06 19:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/04/06 19:43:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/04/06 19:43:23 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/06 19:40:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/06 19:40:45 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/06 19:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/06 16:56:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/30 23:51:27 | 133,330,512 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\setup_11.0.0.1245.x01_2012_05_01_01_37.exe
[2012/04/30 23:44:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/30 23:31:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/30 23:24:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/30 23:22:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/30 23:22:16 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/30 23:22:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/30 23:06:11 | 004,479,582 | R--- | M] (Swearware) -- C:\Documents and Settings\Derek\Desktop\username123.exe
[2012/04/22 17:28:10 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\RKUnhookerLE.EXE
[2012/04/22 17:27:43 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\SystemLook.exe
[2012/04/22 17:23:15 | 000,115,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/19 22:08:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/19 22:07:05 | 000,502,826 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/19 22:07:05 | 000,087,126 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/19 22:01:44 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012/04/19 20:44:15 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/19 20:44:15 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/19 19:55:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
[2012/04/13 22:14:14 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/04/13 22:08:27 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/04/09 20:56:21 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\HiJackThis.lnk
[2012/04/08 15:19:22 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/06 19:38:14 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/30 23:51:22 | 133,330,512 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\setup_11.0.0.1245.x01_2012_05_01_01_37.exe
[2012/04/24 19:58:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/24 19:58:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/24 19:58:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/24 19:58:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/24 19:58:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/22 17:28:09 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\RKUnhookerLE.EXE
[2012/04/22 17:27:42 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\SystemLook.exe
[2012/04/19 22:01:44 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/04/13 22:14:14 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/04/13 22:14:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/09 20:56:18 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\HiJackThis.lnk
[2012/04/06 20:07:08 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/04/06 19:40:46 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/23 23:30:43 | 000,256,768 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-117609710-682003330-1801674531-1003-0.dat
[2012/02/23 23:30:43 | 000,123,526 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/15 22:57:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/08 20:47:21 | 000,296,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/25 23:01:36 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/07/25 23:01:35 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/07/25 23:01:35 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/07/25 23:01:35 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2011/07/25 23:01:34 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/05/08 16:10:34 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/07 15:24:05 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/05/07 13:38:31 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2011/05/07 13:38:31 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2011/05/07 12:21:55 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2011/05/07 12:21:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2011/05/07 12:21:55 | 000,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2011/05/07 12:21:55 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2011/05/07 12:18:00 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Derek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/07 12:08:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/05/07 12:08:02 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2011/05/04 23:02:37 | 000,165,571 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2011/05/04 23:02:37 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2011/05/03 22:49:00 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2011/05/03 22:42:55 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2011/05/03 22:42:55 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[2011/05/03 22:35:53 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2011/05/03 20:25:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/03 20:24:21 | 000,115,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/03 20:11:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/05/03 20:06:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4833.dll
[2011/05/03 20:06:02 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2011/05/03 19:38:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/03 19:32:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
< End of report >


----------



## Kronos2401 (Mar 31, 2012)

I was able to find the 'Automatic Scan' report from the saved report section, however the 'Manual Disinfection' scan did not create a zip file;

C:\Users\_your name_\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

But I did find a report from the above saved report section, under the name gathering system information. I hope it's the same report you were referring to.


----------



## Kronos2401 (Mar 31, 2012)

Gathering system information: completed 6 minutes ago (events: 254, time: 00:02:03) 
02/05/2012 20:52:07 Task completed Gathering system information 
02/05/2012 20:52:07 Main script of analysis 
02/05/2012 20:52:07 Deleting service/driver: ujqwmzex 
02/05/2012 20:52:07 Delete file:C:\WINDOWS\system32\Drivers\utqwmzex.sys 
02/05/2012 20:52:07 [microprogram of healing]> registry key deleted HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\utqwmzex 
02/05/2012 20:52:07 Deleting service/driver: utqwmzex 
02/05/2012 20:52:07 System Analysis - complete 
02/05/2012 20:51:07 System Analysis in progress 
02/05/2012 20:51:04 >> Disable removable media autorun 
02/05/2012 20:51:04 >> Disable CD/DVD autorun 
02/05/2012 20:51:04 >> Disable autorun from network drives 
02/05/2012 20:51:04 >> Disable HDD autorun 
02/05/2012 20:50:59 >> Security: sending Remote Assistant queries is enabled 
02/05/2012 20:50:59 >> Security: anonymous user access is enabled 
02/05/2012 20:50:59 >> Security: administrative shares (C$, D$ ...) are enabled 
02/05/2012 20:50:59 >> Security: disk drives' autorun is enabled 
02/05/2012 20:50:59 > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)! 
02/05/2012 20:50:59 >> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager) 
02/05/2012 20:50:59 >> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing) 
02/05/2012 20:50:59 >> Services: potentially dangerous service allowed: Schedule (Task Scheduler) 
02/05/2012 20:50:59 >> Services: potentially dangerous service allowed: TlntSvr (Telnet) 
02/05/2012 20:50:59 >> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service) 
02/05/2012 20:50:59 >> Services: potentially dangerous service allowed: TermService (Terminal Services) 
02/05/2012 20:50:59 >> Services: potentially dangerous service allowed: RemoteRegistry (Remote Registry) 
02/05/2012 20:50:12 Checking - complete 
02/05/2012 20:50:12 Driver loaded successfully 
02/05/2012 20:50:12 1.5 Checking of IRP handlers 
02/05/2012 20:50:12 Checking not performed: extended monitoring driver (AVZPM) is not installed 
02/05/2012 20:50:12 1.4 Searching for masking processes and drivers 
02/05/2012 20:50:11 Checking IDT and SYSENTER - complete 
02/05/2012 20:50:11 Disable callback OK 
02/05/2012 20:50:11 CmpCallCallBacks = 00093D84 
02/05/2012 20:50:11 Analysis for CPU 2 
02/05/2012 20:50:11 Analysis for CPU 1 
02/05/2012 20:50:11 1.3 Checking IDT and SYSENTER 
02/05/2012 20:50:11 Functions checked: 284, intercepted: 62, restored: 64 
02/05/2012 20:50:11 >>> Function restored successfully !  
02/05/2012 20:50:11 Function IoIsOperationSynchronous (804EF912) - machine code modification Method of JmpTo. jmp 9DB0B3AC \SystemRoot\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:11 >>> Function restored successfully ! 
02/05/2012 20:50:11 Function FsRtlCheckLockForReadAccess (804EAF84) - machine code modification Method of JmpTo. jmp 9DB0AFD0 \SystemRoot\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:11 >>> Hook code blocked 
02/05/2012 20:50:11 >>> Function restored successfully ! 
02/05/2012 20:50:11 Function NtWriteVirtualMemory (115) intercepted (805B43CC->9DB18B52), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtUnmapViewOfSection (10B) intercepted (805B2E48->9DB1C552), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtTerminateThread (102) intercepted (805D2BDC->9DB189C8), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtTerminateProcess (101) intercepted (805D29E2->9DB18A68), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtSystemDebugControl (FF) intercepted (806180BA->9DB1BA3E), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtSuspendThread (FE) intercepted (805D48F4->9DB1CA2A), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtSuspendProcess (FD) intercepted (805D4A82->9DB1C8F0), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtSetValueKey (F7) intercepted (80622662->9DB17816), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtSetSystemPowerState (F1) intercepted (80653E18->B9F8E0B0), hook C:\WINDOWS\system32\Drivers\d347bus.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtSetSystemInformation (F0) intercepted (8060FD06->9DB1C7FE), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtSetSecurityObject (ED) intercepted (805C062E->9DB1BDAA), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtSetInformationToken (E6) intercepted (805FA7B4->9DB1B154), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtSetContextThread (D5) intercepted (805D173A->9DB18E38), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtSecureConnectPort (D2) intercepted (805A3D64->9DB19B0E), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtSaveKey (CF) intercepted (80625BCC->9DB16EAE), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtResumeThread (CE) intercepted (805D49BA->9DB1CBC8), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtRestoreKey (CC) intercepted (80625AD0->9DB1728E), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtRequestWaitReplyPort (C8) intercepted (805A2D76->9DB1B8B4), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtReplyWaitReceivePort (C3) intercepted (805A64B4->9DB1A6F2), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtReplyPort (C2) intercepted (805A54EC->9DB1A82C), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtReplaceKey (C1) intercepted (806261C4->9DB16F16), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtRenameKey (C0) intercepted (80623B12->9DB17C2C), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtQueueApcThread (B4) intercepted (805D1276->9DB1BFA0), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtQueryValueKey (B1) intercepted (80622314->9DB1799C), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtQuerySection (A7) intercepted (805B85E0->9DB1C6AE), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtQueryMultipleValueKey (A1) intercepted (8062323E->9DB17D72), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtQueryKey (A0) intercepted (80625810->9DB1813A), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtOpenThread (80) intercepted (805CB6CC->9DB187BE), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtOpenSemaphore (7E) intercepted (80615148->9DB1A4C8), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtOpenSection (7D) intercepted (805AA3EC->9DB1C10E), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtOpenProcess (7A) intercepted (805CB440->9DB188CC), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtOpenMutant (78) intercepted (80617776->9DB1A288), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtOpenKey (77) intercepted (806254CE->9DB176C0), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtOpenFile (74) intercepted (8057A1A6->9DB19016), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtOpenEvent (72) intercepted (8060F04E->9DB1A3A8), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtNotifyChangeKey (6F) intercepted (806262DE->9DB181CE), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtMapViewOfSection (6C) intercepted (805B203A->9DB1C374), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtLoadKey2 (63) intercepted (80625F20->9DB174EE), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtLoadKey (62) intercepted (80626314->9DB174DC), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtLoadDriver (61) intercepted (80584160->9DB1BC0C), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtFsControlFile (54) intercepted (805792A2->9DB19500), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtEnumerateValueKey (49) intercepted (80624BA6->9DB180A2), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtEnumerateKey (47) intercepted (8062493C->9DB1800A), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtDuplicateObject (44) intercepted (805BE008->9DB1CD26), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtDeviceIoControlFile (42) intercepted (8057926E->9DB196F2), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtDeleteValueKey (41) intercepted (8062475C->9DB17EBE), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtDeleteKey (3F) intercepted (8062458C->9DB17B0A), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtDebugActiveProcess (39) intercepted (80643B30->9DB1BB1A), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtCreateWaitablePort (38) intercepted (805A5110->9DB1A162), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtCreateThread (35) intercepted (805D1018->9DB18C1C), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtCreateSemaphore (33) intercepted (8061504E->9DB1A432), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtCreateSection (32) intercepted (805AB3C8->9DB18426), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtCreatePort (2E) intercepted (805A50EC->9DB1A0CC), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtCreatePagingFile (2D) intercepted (805AB9EE->B9F82A20), hook C:\WINDOWS\system32\Drivers\d347bus.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtCreateNamedPipeFile (2C) intercepted (805790E2->9DB1827E), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtCreateMutant (2B) intercepted (8061769E->9DB1A1F8), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtCreateKey (29) intercepted (806240F0->9DB17500), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtCreateFile (25) intercepted (805790A8->9DB19270), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtCreateEvent (23) intercepted (8060EF4E->9DB1A312), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtConnectPort (1F) intercepted (805A45D0->9DB19DC8), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtClose (19) intercepted (805BC530->9DB18F94), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 >>> Hook code blocked 
02/05/2012 20:50:10 >>> Function restored successfully ! 
02/05/2012 20:50:10 Function NtAdjustPrivilegesToken (0B) intercepted (805EC464->9DB18690), hook C:\WINDOWS\system32\DRIVERS\5951687drv.sys, driver recognized as trusted 
02/05/2012 20:50:10 KiST = 80504480 (284) 
02/05/2012 20:50:10 SDT = 8055C700 
02/05/2012 20:50:10 Kernel ntkrnlpa.exe found in memory at address 804D7000 
02/05/2012 20:50:10 SDT found (RVA=085700) 
02/05/2012 20:50:10 Driver loaded successfully 
02/05/2012 20:50:10 1.2 Searching for kernel-mode API hooks 
02/05/2012 20:50:09 Analysis: netapi32.dll, export table found in section .text 
02/05/2012 20:50:09 Analysis: urlmon.dll, export table found in section .text 
02/05/2012 20:50:09 Analysis: rasapi32.dll, export table found in section .text 
02/05/2012 20:50:09 Analysis: wininet.dll, export table found in section .text 
02/05/2012 20:50:09 Analysis: ws2_32.dll, export table found in section .text 
02/05/2012 20:50:09 Analysis: advapi32.dll, export table found in section .text 
02/05/2012 20:50:08 Analysis: user32.dll, export table found in section .text 
02/05/2012 20:50:08 Analysis: ntdll.dll, export table found in section .text 
02/05/2012 20:50:08 IAT modification detected: GetProcAddress - 00BA0390<>7C80AE40 
02/05/2012 20:50:08 IAT modification detected: LoadLibraryA - 00BA0320<>7C801D7B 
02/05/2012 20:50:08 IAT modification detected: LoadLibraryW - 00BA02B0<>7C80AEEB 
02/05/2012 20:50:08 IAT modification detected: CreateProcessW - 00BA01D0<>7C802336 
02/05/2012 20:50:08 IAT modification detected: GetModuleFileNameW - 00BA0160<>7C80B475 
02/05/2012 20:50:08 IAT modification detected: FreeLibrary - 00BA00F0<>7C80AC7E 
02/05/2012 20:50:08 IAT modification detected: GetModuleFileNameA - 00BA0080<>7C80B56F 
02/05/2012 20:50:08 IAT modification detected: CreateProcessA - 00BA0010<>7C80236B 
02/05/2012 20:50:08 Analysis: kernel32.dll, export table found in section .text 
02/05/2012 20:50:08 1.1 Searching for user-mode API hooks 
02/05/2012 20:50:07 System Restore: enabled 
02/05/2012 20:50:07 Windows version: Microsoft Windows XP, Build=2600, SP="Service Pack 3" 
02/05/2012 20:50:07 Main script of analysis 
02/05/2012 20:50:04 Task started Gathering system information


----------



## Kronos2401 (Mar 31, 2012)

The Automatic Scan report was way too big, 28mb, even after zip it was 1.2mb, so I had to split the text file into 3 separate zip files.


----------



## eddie5659 (Mar 19, 2001)

Hiya

Back from my holidays, so playing catchup 

OK, could you open AVP and on the manual disinfection tab click the link to *avptool sysinfo.zip*, as that will be small enough to attach and contains the analysis run that I will need to look at.

================

Back from my holiday, so playing catchup 

Okay, looks like I can see the main reason why the OTL fix isn't working. If you open up OTL and copy/paste the following in the *Custom Scans/Fixes* box as before, but do not click on Run Scan; select the *Run Fix* button instead.


```
:OTL
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Derek\LOCALS~1\Temp\pgtdapod.sys -- (pgtdapod)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Running] -- C:\DOCUME~1\Derek\LOCALS~1\Temp\fshhtddm.sys -- (Micorsoft Windows Service)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\username123\catchme.sys -- (catchme)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O4 - HKCU..\Run: [XejAtgha] C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe -update activex File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe) - C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe File not found
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
:Files
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

And it should work this time 

-------------------------------

eddie


----------
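As an added illustration (not part of eddie5659's post and not OTL's own code): a small Python parser for the `SRV`/`DRV` line format that the fix script above is built from, applying three review heuristics. The sample lines are copied from OTL output posted in this thread; the flag names and the heuristics themselves are assumptions of this example, and a flag is a reason to look closer, not a verdict.

```python
import re
from typing import NamedTuple, Optional

# Two line shapes occur in the OTL output quoted in this thread:
#   DRV - File not found [Kernel | Disabled | Running] -- <path> -- (<service>)
#   DRV - [<date> | <size> | <attrs> | M] (<company>) [<type> | <start> | <state>] -- <path> -- (<service>)
# SRV lines carry no <type> field, only [<start> | <state>].
LINE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:(?P<missing>File not found)|\[[^\]]*\] \((?P<company>[^)]*)\)) "
    r"\[(?P<fields>[^\]]+)\] "
    r"-- (?P<path>.*?) ?-- \((?P<service>[^)]*)\)"
)


class Entry(NamedTuple):
    kind: str                # "SRV" or "DRV"
    service: str             # service/driver key name
    path: str                # image path as logged (may be empty)
    company: Optional[str]   # None when OTL could not find the file
    file_missing: bool
    start: str               # Boot / System / Auto / On_Demand / Disabled
    state: str               # Running / Stopped / Unknown


def parse_line(line: str) -> Optional[Entry]:
    """Parse one SRV/DRV line; return None for any other log line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    fields = [f.strip() for f in m.group("fields").split("|")]
    if len(fields) < 2:
        return None
    company = m.group("company")
    return Entry(
        kind=m.group("kind"),
        service=m.group("service").strip(),
        path=m.group("path").strip(),
        company=None if company is None else company.strip(),
        file_missing=m.group("missing") is not None,
        start=fields[-2],
        state=fields[-1],
    )


def review_flags(e: Entry) -> list:
    """Heuristics assumed for this example; each one only marks an entry for review."""
    flags = []
    # Reported as running although the image file cannot be found on disk.
    if e.file_missing and e.state == "Running":
        flags.append("running-without-file")
    # Service or driver image located under a Temp directory.
    if "\\temp\\" in e.path.lower():
        flags.append("temp-path")
    # File exists but its version resource names no company.
    if not e.file_missing and e.company == "":
        flags.append("no-company")
    return flags


def triage(lines) -> dict:
    """Map service name -> list of review flags for every SRV/DRV line."""
    result = {}
    for line in lines:
        entry = parse_line(line)
        if entry is not None:
            result[entry.service] = review_flags(entry)
    return result


# Lines copied verbatim from OTL output posted in this thread.
SAMPLE_LINES = [
    r"SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)",
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)",
    r"DRV - File not found [Kernel | Disabled | Running] -- C:\DOCUME~1\Derek\LOCALS~1\Temp\fshhtddm.sys -- (Micorsoft Windows Service)",
    r"DRV - [2012/05/18 22:19:41 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\uzqwmzex.sys -- (uzqwmzex)",
    r"DRV - [2004/08/22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus)",
    r"DRV - [2009/09/30 15:17:02 | 001,585,728 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)",
]

if __name__ == "__main__":
    for service, flags in triage(SAMPLE_LINES).items():
        print(f"{service:28} {', '.join(flags) or '-'}")
```

Two different drivers receive the same `no-company` flag here, which is why each flagged file still needs to be examined individually before anything is removed.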



## Kronos2401 (Mar 31, 2012)

All processes killed
========== OTL ==========
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File %SystemRoot%\System32\hidserv.dll not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service Tosrfcom stopped successfully!
Service Tosrfcom deleted successfully!
Error: No service named pgtdapod was found to stop!
Service\Driver key pgtdapod not found.
File C:\DOCUME~1\Derek\LOCALS~1\Temp\pgtdapod.sys not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Error: No service named Micorsoft Windows Service was found to stop!
Service\Driver key Micorsoft Windows Service not found.
File C:\DOCUME~1\Derek\LOCALS~1\Temp\fshhtddm.sys not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service InCDRm stopped successfully!
Service InCDRm deleted successfully!
File system32\drivers\InCDRm.sys not found.
Service InCDPass stopped successfully!
Service InCDPass deleted successfully!
File system32\drivers\InCDPass.sys not found.
Service InCDFs stopped successfully!
Service InCDFs deleted successfully!
File system32\drivers\InCDFs.sys not found.
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\username123\catchme.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\XejAtgha deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Documents and Settings\LocalService\Local Settings\Application Data\pxrnjgxj\xejatgha.exe deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Derek\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Derek\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Derek
->Temp folder emptied: 69198 bytes
->Temporary Internet Files folder emptied: 135029997 bytes
->Flash cache emptied: 2277 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: TV
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 1108 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 231403 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 42448305 bytes

Total Files Cleaned = 170.00 mb

[EMPTYJAVA]

User: All Users

User: Default User

User: Derek

User: LocalService

User: NetworkService

User: TV

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default User

User: Derek
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: TV
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.40.0 log created on 05142012_200628
Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_680.dat moved successfully.
Registry entries deleted on Reboot...


----------



## eddie5659 (Mar 19, 2001)

Thanks 


Re-run AVPTool
Select the *Manual Disinfection* tab and press *Script execution*

Where it states *Insert text script in the following box* copy the below script and press *Run script*
Copy from *Begin* until *End*

```
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
SetAVZPMStatus(True);
 DelBHO('{710EB7A1-45ED-11D0-924A-0020AFC7AC4D}');
 BC_DeleteFile('C:\Documents and Settings\Derek\Local Settings\temp\_uninst_26689776.bat');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
```

Your system will reboot on completion, if it does not please do so yourself 
On completion please run another analysis scan and attach the zip file


----------



## Kronos2401 (Mar 31, 2012)

Eddie, here's the avptool zip file from the Manual Disinfection - Gathering system information.


----------



## eddie5659 (Mar 19, 2001)

Okay, looks like it's still there, so can you do this for me:

Using SystemLook again, can you run the following code:


```
:dir
c:\documents and settings\LocalService\Local Settings\Application Data /sub
:file
C:\Documents and Settings\Derek\Local Settings\temp\_uninst_71002904.bat
C:\WINDOWS\system32\DRIVERS\1507056drv.sys
C:\WINDOWS\system32\Drivers\d347bus.sys
c:\documents and settings\LocalService\Local Settings\Application Data\wpdlog00.sqm
c:\documents and settings\LocalService\Local Settings\Application Data\wpdlog01.sqm
```
And then, can you upload some files to me for further research? We'll also remove them, once they're uploaded

Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip )

Unzip it to desktop, open it & paste in the contents of the quote box below, press next & it will create an archive (zip/cab file) on desktop

Please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files

Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer. When the file is listed in the window, press send to upload the file



> *
> C:\WINDOWS\system32\DRIVERS\1507056drv.sys
> C:\WINDOWS\system32\Drivers\d347bus.sys
> C:\Documents and Settings\Derek\Local Settings\temp\_uninst_71002904.bat
> ...


Let me know when they're uploaded


----------



## Kronos2401 (Mar 31, 2012)

SystemLook 30.07.11 by jpshortstuff
Log created at 15:13 on 20/05/2012 by Derek
Administrator - Elevation successful
========== dir ==========
c:\documents and settings\LocalService\Local Settings\Application Data - Parameters: "/sub"
---Files---
WPFFontCache_v0400-S-1-5-21-117609710-682003330-1801674531-1003-0.dat --a---- 256768 bytes [22:30 23/02/2012] [22:30 23/02/2012]
WPFFontCache_v0400-System.dat --a---- 123526 bytes [22:30 23/02/2012] [22:30 23/02/2012]
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft d------ [18:39 03/05/2011]
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft\Credentials d---s-- [18:39 03/05/2011]
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft\Credentials\S-1-5-19 d---s-- [18:39 03/05/2011]
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft\Portable Devices d------ [10:27 15/05/2011]
wpdlog00.sqm --a---- 320 bytes [10:27 15/05/2011] [10:27 15/05/2011]
wpdlog01.sqm --a---- 290 bytes [21:19 23/02/2012] [21:19 23/02/2012]
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft\Windows d------ [18:39 03/05/2011]
UsrClass.dat --a---- 8192 bytes [18:39 03/05/2011] [21:12 23/02/2012]
UsrClass.dat.LOG --ah--- 1024 bytes [18:39 03/05/2011] [13:18 20/05/2012]
========== file ==========
C:\Documents and Settings\Derek\Local Settings\temp\_uninst_71002904.bat - Unable to find/read file.
C:\WINDOWS\system32\DRIVERS\1507056drv.sys - Unable to find/read file.
C:\WINDOWS\system32\Drivers\d347bus.sys - File found and opened.
MD5: 5776322F93CDB91086111F5FFBFDA2A0
Created at 12:38 on 07/05/2011
Modified at 15:31 on 22/08/2004
Size: 155136 bytes
Attributes: --a----
FileDescription: PnP BIOS Extension
FileVersion: 3.47.0.0 built by: WinDDK
ProductVersion: 3.47.0.0
OriginalFilename: 
InternalName: 
ProductName: 
CompanyName: 
LegalCopyright: Copyright (C) 2002-2004
c:\documents and settings\LocalService\Local Settings\Application Data\wpdlog00.sqm - Unable to find/read file.
c:\documents and settings\LocalService\Local Settings\Application Data\wpdlog01.sqm - Unable to find/read file.
-= EOF =-


----------



## Kronos2401 (Mar 31, 2012)

Eddie,

The link to the spykiller post as follows;

http://thespykiller.co.uk/index.php?topic=9937.0


----------



## eddie5659 (Mar 19, 2001)

Thanks, looks like it's only seen one of the files, which is strange as the systemlook above clearly shows them as there:



> wpdlog00.sqm --a---- 320 bytes [10:27 15/05/2011] [10:27 15/05/2011]
> wpdlog01.sqm --a---- 290 bytes [21:19 23/02/2012] [21:19 23/02/2012]


Still, they are legit so I'll leave them be 

And for the file that did get uploaded, this is a legit driver as well, so that's good 

Can you run this for me. If you can't enter SafeMode let me know, as it was showing as corrupt a while ago, but I'm hoping some of the file removals have solved that:

Save these instructions so you can have access to them while in Safe Mode.

Please click *here* to download AVP Tool by Kaspersky. 

Save it to your desktop. 
Reboot your computer into SafeMode. 
_You can do this by restarting your computer and continually tapping the *F8* key until a menu appears._
_Use your up arrow key to highlight SafeMode then hit *enter*._
Double click the setup file to run it. 
Click Next to continue. 
Accept the Licence agreement and click on next 
It will by default install it to your desktop folder. Click Next.
It will then open a box. There will be a tab that says Automatic scan.
Under Automatic scan make sure these are checked. 

Hidden Startup Objects 
System Memory 
Disk Boot Sectors. 
My Computer. 
Also any other drives (Removable that you may have) 

Leave the rest of the settings as they appear as default.


Then click on Scan at the top right-hand corner.
It will automatically Neutralize any objects found.
If some objects are left un-neutralized then click the button that says Neutralize all
If it says it cannot be Neutralized then choose the delete option when prompted.
After that is done, click on the reports button at the bottom and save it to file; name it *Kas*.
Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report; it will be at the very top under *Detected*. Post those results in your next reply.

*Note: This tool will self uninstall when you close it so please save the log before closing it.*

eddie


----------



## Kronos2401 (Mar 31, 2012)

Eddie,

I am having a lot of trouble uploading this file. The saved file from the automatic scan is 44mb. Not only is my computer REALLY slow just simply opening the txt file, it is just too big to upload, the computer simply freezes. Been trying a couple of days now but no dice, the file is simply too big.

Can you confirm the instructions please? Does it have to be the auto scan and not the manual? Where should I this report file, I can only find a reports button at the top left of the program. Which leads to Status, Detected threats, Automatic Scan report, Manual Disinfection report.

Thanks.


----------



## eddie5659 (Mar 19, 2001)

Hi Kronos

I'll run this on my computer tomorrow morning and make sure its all okay. I'll come back to you tomorrow 

eddie


----------



## eddie5659 (Mar 19, 2001)

The problem with Ramnit is that it attaches itself to known legit files, so removal usually ends with a format. However, I have seen some recurring files on a full second read of this thread, so will work on those.

As for the AVP scan, it has to be auto, otherwise nothing will be removed. I have a feeling they're all Ramnit files that have been removed. Can you copy/paste a small segment of the log here?

Now, to make sure I get all of these at the same time, I'm going to get you to run a scan from around the time you got the infection, to now.

So, to do that, can you delete the copy of OTL that you have, and get a fresh one from here:

Download *OTL* to your Desktop

Now, before you run it, can you change some of the settings as follows:

*Extra Registry* - To Use safelist
At the top, select *Scan All Users*

Now, as you originally posted on April 01, can you select the following from the drop-down menu under *File-Age*

*90 Days*

Now, ensure you click on *RUN SCAN*, otherwise it won't work fully 

And post both logs. They may be very long, but that's okay over a few posts. Don't attach them, as copy/paste makes it easier for me to research 

------------

And can you also see if you can do this for me:

Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip )

Unzip it to desktop, open it & paste in the contents of the quote box below, press next & it will create an archive (zip/cab file) on desktop

Please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files

Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer. When the file is listed in the window, press send to upload the file



> *
> c:\documents and settings\Derek\LOCAL SETTINGS\Temp\fshhtddm.sys
> c:\documents and settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe
> c:\documents and settings\Derek\Start Menu\Programs\Startup\xejatgha.exe
> *


Let me know when they're uploaded 

=========
eddie


----------



## eddie5659 (Mar 19, 2001)

Just remembered you already posted there before, so just reply to your thread with the new uploads:

http://thespykiller.co.uk/index.php?topic=9937.0


----------



## Kronos2401 (Mar 31, 2012)

OTL logfile created on: 02/06/2012 15:02:52 - Run 5
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Derek\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 78.78% Memory free
3.83 Gb Paging File | 3.54 Gb Available in Paging File | 92.35% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.74 Gb Total Space | 38.04 Gb Free Space | 68.25% Space Free | Partition Type: NTFS
Drive D: | 54.58 Gb Total Space | 15.23 Gb Free Space | 27.89% Space Free | Partition Type: NTFS

Computer Name: EQUIUM | User Name: Derek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2012/06/02 14:56:48 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/03/29 07:17:18 | 003,571,520 | ---- | M] (MyBusinessWorks) -- C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe
PRC - [2011/03/29 07:17:16 | 000,046,912 | ---- | M] (MyBusinessWorks) -- C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe
PRC - [2009/03/06 03:26:38 | 000,479,320 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\Atheros\ACU.exe
PRC - [2009/03/06 03:26:06 | 000,495,700 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 12:12:04 | 000,360,448 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
PRC - [2007/04/10 08:45:20 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - [2012/05/05 15:44:40 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/03/29 07:17:16 | 000,046,912 | ---- | M] (MyBusinessWorks) [Auto | Running] -- C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe -- (MyBusinessWorksbackup)
SRV - [2009/03/06 03:26:06 | 000,495,700 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/07/29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/04/14 06:42:30 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/14 06:42:30 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/14 06:42:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/14 06:41:58 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/14 06:41:50 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2007/04/10 08:45:20 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)

========== Driver Services (SafeList) ==========

DRV - [2012/05/18 22:19:41 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\uzqwmzex.sys -- (uzqwmzex)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/29 07:17:10 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MyBusinessWorks.sys -- (MyBusinessWorksFilter)
DRV - [2010/07/06 03:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/09/30 15:17:02 | 001,585,728 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/16 23:19:44 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2008/04/14 01:44:30 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/14 01:14:50 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/14 01:06:44 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/14 01:02:38 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/01/30 12:28:36 | 004,725,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/04 08:56:48 | 000,005,888 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus)
DRV - [2001/08/23 13:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-117609710-682003330-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/logi...ap2e6CwWSb86QVdqk-&.done=http://uk.yahoo.com/
IE - HKU\S-1-5-21-117609710-682003330-1801674531-1003\..\SearchScopes,DefaultScope = {90ECF758-E3C9-4D90-BC65-35A90D480B03}
IE - HKU\S-1-5-21-117609710-682003330-1801674531-1003\..\SearchScopes\{4ADF8512-94DF-4582-A60D-6D2D0D0A6574}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-117609710-682003330-1801674531-1003\..\SearchScopes\{90ECF758-E3C9-4D90-BC65-35A90D480B03}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-117609710-682003330-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/05/04 23:10:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/05/04 23:10:01 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/05/14 20:06:31 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyPro Status.lnk = C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe (MyBusinessWorks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-117609710-682003330-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-117609710-682003330-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-117609710-682003330-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C27D94A-9E3D-4F0F-9232-EB531D577190}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECA2E087-C26F-4614-89F4-A5E9B371EE46}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/03 19:35:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 90 Days ==========

[2012/06/02 14:56:44 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
[2012/05/14 20:06:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/01 23:02:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012/05/01 23:01:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/24 20:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/24 19:58:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/24 19:58:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/24 19:58:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/24 19:58:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/24 19:52:18 | 004,479,582 | R--- | C] (Swearware) -- C:\Documents and Settings\Derek\Desktop\ComboFix.exe
[2012/04/19 19:50:35 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012/04/19 19:50:35 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012/04/13 22:14:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/13 22:09:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/13 21:59:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/07 10:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012/04/06 19:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Application Data\SUPERAntiSpyware.com
[2012/04/06 19:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/04/06 19:43:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/04/06 19:43:23 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/06 19:40:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/06 19:40:45 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/06 19:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/06 16:56:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/03/31 22:54:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Desktop\VIRUS
[2012/03/31 22:21:04 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/03/24 20:34:22 | 138,400,096 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Derek\Desktop\SanDiskMediaManagerSetup.exe
[2012/03/18 12:39:57 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/03/18 12:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Start Menu\Programs\HiJackThis
[2012/03/17 00:28:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2012/03/10 02:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj

========== Files - Modified Within 90 Days ==========

[2012/06/02 15:00:49 | 000,264,875 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\sfp.zip
[2012/06/02 14:56:48 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
[2012/06/02 14:44:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/02 14:31:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/02 14:31:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/02 14:19:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/02 14:18:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/20 15:22:47 | 000,104,221 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\requested-files[2012-05-20_15_22].cab
[2012/05/18 22:19:41 | 000,011,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\uzqwmzex.sys
[2012/05/18 22:17:00 | 136,025,416 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\setup_11.0.0.1245.x01_2012_05_18_23_08.exe
[2012/05/15 23:29:29 | 000,060,623 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\Company House Code.jpg
[2012/05/15 23:00:49 | 000,115,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/14 22:00:14 | 000,502,826 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/14 22:00:14 | 000,087,126 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/14 21:54:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/14 20:06:31 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/05/14 19:27:04 | 000,628,732 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\Tax Return Reminder.jpg
[2012/05/05 15:44:39 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/05 15:44:39 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/30 23:06:11 | 004,479,582 | R--- | M] (Swearware) -- C:\Documents and Settings\Derek\Desktop\ComboFix.exe
[2012/04/22 17:28:10 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\RKUnhookerLE.EXE
[2012/04/22 17:27:43 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\SystemLook.exe
[2012/04/19 22:01:44 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012/04/13 22:14:14 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/04/13 22:08:27 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/04/11 14:14:41 | 002,148,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2012/04/11 14:14:41 | 002,148,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2012/04/11 14:12:06 | 001,862,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2012/04/11 14:12:06 | 001,862,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2012/04/11 14:10:58 | 002,192,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2012/04/11 13:35:52 | 002,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2012/04/11 13:35:51 | 002,026,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2012/04/11 13:35:51 | 002,026,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2012/04/09 20:56:21 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\HiJackThis.lnk
[2012/04/08 15:19:22 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/06 19:38:14 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/03/24 20:34:40 | 138,400,096 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Derek\Desktop\SanDiskMediaManagerSetup.exe
[2012/03/17 11:54:58 | 000,022,804 | ---- | M] () -- C:\WINDOWS\MyBusinessWorks.blk
[2012/03/17 11:54:58 | 000,007,102 | ---- | M] () -- C:\WINDOWS\MyBusinessWorks.flt

========== Files Created - No Company Name ==========

[2012/06/02 15:00:48 | 000,264,875 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\sfp.zip
[2012/05/20 15:22:47 | 000,104,221 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\requested-files[2012-05-20_15_22].cab
[2012/05/18 22:19:41 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\uzqwmzex.sys
[2012/05/18 22:16:56 | 136,025,416 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\setup_11.0.0.1245.x01_2012_05_18_23_08.exe
[2012/05/14 19:26:41 | 000,628,732 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\Tax Return Reminder.jpg
[2012/05/05 15:43:19 | 000,060,623 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\Company House Code.jpg
[2012/04/24 19:58:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/24 19:58:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/24 19:58:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/24 19:58:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/24 19:58:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/22 17:28:09 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\RKUnhookerLE.EXE
[2012/04/22 17:27:42 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\SystemLook.exe
[2012/04/19 22:01:44 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/04/13 22:14:14 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/04/13 22:14:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/09 20:56:18 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\HiJackThis.lnk
[2012/04/06 20:07:08 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/04/06 19:40:46 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/31 22:21:04 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/02/23 23:30:43 | 000,256,768 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-117609710-682003330-1801674531-1003-0.dat
[2012/02/23 23:30:43 | 000,123,526 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/15 22:57:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/07/25 23:01:36 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/07/25 23:01:35 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/07/25 23:01:35 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/07/25 23:01:35 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2011/07/25 23:01:34 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/05/08 16:10:34 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/07 15:24:05 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/05/07 13:38:31 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2011/05/07 13:38:31 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2011/05/07 12:21:55 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2011/05/07 12:21:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2011/05/07 12:21:55 | 000,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2011/05/07 12:21:55 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2011/05/07 12:18:00 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Derek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/07 12:08:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/05/07 12:08:02 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2011/05/04 23:02:37 | 000,165,571 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2011/05/04 23:02:37 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2011/05/03 22:49:00 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2011/05/03 22:42:55 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2011/05/03 22:42:55 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[2011/05/03 22:35:53 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2011/05/03 20:25:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/03 20:24:21 | 000,115,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/03 20:11:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/05/03 20:06:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4833.dll
[2011/05/03 20:06:02 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2011/05/03 19:38:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/03 19:32:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
< End of report >


----------



## Kronos2401 (Mar 31, 2012)

OTL Extras logfile created on: 02/06/2012 15:02:52 - Run 5
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Derek\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 78.78% Memory free
3.83 Gb Paging File | 3.54 Gb Available in Paging File | 92.35% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.74 Gb Total Space | 38.04 Gb Free Space | 68.25% Space Free | Partition Type: NTFS
Drive D: | 54.58 Gb Total Space | 15.23 Gb Free Space | 27.89% Space Free | Partition Type: NTFS

Computer Name: EQUIUM | User Name: Derek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{07F58BB0-50D4-4477-B491-A97B2AD059B6}" = TOSHIBA Hotkey Utility
"{16E8BF9A-B419-4A44-A020-30F8CFB84B9D}" = Atheros Client Utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Premium
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{60EB76E2-DF31-477B-A28C-2303ADE6629D}" = PurePlay Poker
"{61539202-097E-487E-9237-B291AB56D54C}" = Bluetooth Monitor 4
"{63132164-9AE3-45D3-047A-E9349D22956C}" = MozyPro
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4220_ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70700000002}" = Adobe Reader 7.0.7
"{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4210_Help
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.5.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"TOSHIBA Software Modem" = TOSHIBA Software Modem

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/05/2012 17:59:07 | Computer Name = EQUIUM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 26/05/2012 04:42:01 | Computer Name = EQUIUM | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/05/2012 04:47:19 | Computer Name = EQUIUM | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/05/2012 04:53:05 | Computer Name = EQUIUM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/05/2012 06:26:34 | Computer Name = EQUIUM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 26/05/2012 06:26:35 | Computer Name = EQUIUM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 26/05/2012 06:26:44 | Computer Name = EQUIUM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 26/05/2012 08:52:00 | Computer Name = EQUIUM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 26/05/2012 08:52:00 | Computer Name = EQUIUM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 26/05/2012 08:52:08 | Computer Name = EQUIUM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

[ System Events ]
Error - 26/05/2012 08:53:03 | Computer Name = EQUIUM | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 26/05/2012 08:53:03 | Computer Name = EQUIUM | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec MRxSmb MyBusinessWorksFilter NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL
Tcpip
WS2IFSL

Error - 26/05/2012 09:51:05 | Computer Name = EQUIUM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 26/05/2012 09:55:12 | Computer Name = EQUIUM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 26/05/2012 09:55:24 | Computer Name = EQUIUM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 26/05/2012 09:57:48 | Computer Name = EQUIUM | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 26/05/2012 11:17:49 | Computer Name = EQUIUM | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.3 for the Network Card with network
address 001B9EE4DAF8 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 26/05/2012 12:02:21 | Computer Name = EQUIUM | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 27/05/2012 06:03:46 | Computer Name = EQUIUM | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 02/06/2012 09:19:52 | Computer Name = EQUIUM | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

< End of report >


----------



## Kronos2401 (Mar 31, 2012)

Eddie,

I've uploaded the Cab file. Thanks.

http://thespykiller.co.uk/index.php?topic=9942.new#new


----------



## eddie5659 (Mar 19, 2001)

Thanks for uploading the files, unfortunately nothing managed to get zipped up. It wasn't anything you did, sometimes it happens.

No worries, let's see if we can finally get rid of this mess.

--------------------------

Okay, for this fix, can you delete the copy of ComboFix that you have, and get a fresh one from here. Don't run anything yet:

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the quotebox below into it:



> File::
> c:\documents and settings\derek\8JqHb17E6
> c:\documents and settings\derek\UjPrn7vu
> c:\windows\system32\NUZ0Dp8
> ...


Save this as *CFScript.txt*, in the same location as ComboFix.exe










Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

-------------------------

After doing the above, using SystemLookUp, can you run the following code, and post the log:


```
:dir
c:\documents and settings\derek
c:\windows\system32
C:\Documents and Settings\Derek\Desktop
c:\Documents and Settings\Derek\local settings\Temp
c:\documents and settings\Derek\Start Menu\Programs\Startup
C:\WINDOWS\system32\drivers
c:\documents and settings\derek\local settings\application data
:regfind
MICORSOFT
```
This will be long, so attach it as follows (if in parts, that will be fine)

Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below)











In there, at the bottom, click on the button *Manage Attachments* (in the picture below).
A window will appear, and then Browse to *SystemLook.txt* on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*










eddie


----------



## Kronos2401 (Mar 31, 2012)

ComboFix 12-06-03.05 - Derek 04/06/2012 13:32:02.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1580 [GMT 1:00]
Running from: c:\documents and settings\Derek\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Derek\Desktop\CFScript.txt
* Created a new restore point
.
FILE ::
"c:\documents and settings\derek\8JqHb17E6"
"c:\documents and settings\Derek\Bmnw4HwPl"
"c:\documents and settings\Derek\Desktop\UjPrn7vu"
"c:\documents and settings\Derek\local settings\Temp\fshhtddm.sys"
"c:\documents and settings\Derek\Start Menu\Programs\Startup\xejatgha.exe"
"c:\documents and settings\derek\UjPrn7vu"
"c:\windows\system32\drivers\uzqwmzex.sys"
"c:\windows\system32\NUZ0Dp8"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\derek\local settings\application data\pxrnjgxj
c:\windows\system32\drivers\uzqwmzex.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_uzqwmzex
-------\Service_uzqwmzex
.
.
((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))
.
.
2012-05-14 19:06 . 2012-05-14 19:06 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 14:44 . 2012-03-31 21:21 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 14:44 . 2012-01-24 16:50 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 2008-04-14 00:54 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2008-04-14 01:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-18 11:39 . 2012-03-18 11:39 388096 ----a-r- c:\documents and settings\Derek\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-05-02 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-04-24_19.07.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-04 12:38 . 2012-06-04 12:38 16384 c:\windows\Temp\Perflib_Perfdata_270.dat
+ 2012-06-04 12:16 . 2012-06-04 12:16 16384 c:\windows\Temp\Perflib_Perfdata_218.dat
+ 2001-08-23 12:00 . 2012-05-14 21:00 87126 c:\windows\system32\perfc009.dat
- 2001-08-23 12:00 . 2012-04-19 21:07 87126 c:\windows\system32\perfc009.dat
- 2011-11-21 22:31 . 2011-11-21 22:31 57616 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2011-12-15 12:08 . 2011-12-15 12:08 57616 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2012-05-14 20:56 . 2012-05-14 20:56 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-05-14 20:56 . 2012-05-14 20:56 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-05-14 20:56 . 2012-05-14 20:56 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-05-14 20:56 . 2012-05-14 20:56 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-05-14 20:56 . 2012-05-14 20:56 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-05-14 20:56 . 2012-05-14 20:56 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-04-19 21:02 . 2012-04-19 21:03 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-05-18 21:37 . 2012-05-18 21:37 96768  c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\4add87007e0864467659e6a248a7fe06\UIAutomationProvider.ni.dll
+ 2012-05-18 21:42 . 2012-05-18 21:42 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\28caa2ab8a4999900321b653e8b6ddc1\System.Windows.Presentation.ni.dll
+ 2012-05-18 21:42 . 2012-05-18 21:42 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\4967f3e8b106851802f212e963bb8735\System.Web.ApplicationServices.ni.dll
+ 2012-05-18 21:42 . 2012-05-18 21:42 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\7f49661d0e79763b30e9e99e714409a3\System.ServiceModel.Channels.ni.dll
+ 2012-05-18 21:38 . 2012-05-18 21:38 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\a5c37bc9caf315df294f8b680a1ccd6f\System.AddIn.Contract.ni.dll
+ 2012-05-15 22:24 . 2012-05-15 22:24 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\5ccc57bb582bf753166610089f204601\Microsoft.VisualC.ni.dll
+ 2012-05-15 22:24 . 2012-05-15 22:24 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\414da765b5d5bb7fde97c0ea22de7d74\Accessibility.ni.dll
+ 2012-05-15 22:03 . 2012-05-15 22:03 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\f121ccced1aa14badb316d8d9be5154d\UIAutomationProvider.ni.dll
+ 2012-05-15 22:24 . 2012-05-15 22:24 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\316e223f2ab8c69cd6a5a06de21650ec\System.Windows.Presentation.ni.dll
+ 2012-05-15 22:23 . 2012-05-15 22:23 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\7aac1fe67890463655aeeb3b8e4f2884\System.Web.DynamicData.Design.ni.dll
+ 2012-05-15 22:22 . 2012-05-15 22:22 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\34c988dea48c291b4e648941207e83fb\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-05-15 22:22 . 2012-05-15 22:22 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\7bb7e51275fa19f8b4894c772bdb1e10\System.AddIn.Contract.ni.dll
+ 2012-05-14 21:01 . 2012-05-14 21:01 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\f0c4a4528f130ef2ff1ae63dd7b39075\PresentationFontCache.ni.exe
+ 2012-05-14 21:01 . 2012-05-14 21:01 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\53931181e5a5e194da82605613cda6af\PresentationCFFRasterizer.ni.dll
+ 2012-05-15 22:22 . 2012-05-15 22:22 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\56d4f3fa7cf0b6b995511c7921b318c3\Microsoft.WSMan.Runtime.ni.dll
+ 2012-05-15 22:23 . 2012-05-15 22:23 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2be3ad4cda6853d7959a84cec0414c5\Microsoft.Vsa.ni.dll
+ 2012-05-15 22:21 . 2012-05-15 22:21 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\8fab9cd28bbc860a34feec119512664d\Microsoft.Build.Framework.ni.dll
+ 2012-05-15 22:21 . 2012-05-15 22:21 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\0eac132c7c36f1c100ae23c956b379e7\Microsoft.Build.Framework.ni.dll
+ 2012-05-15 22:21 . 2012-05-15 22:21 91648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Backgroun#\c9c2e468051fdf44b9c7623f7ae190a3\Microsoft.BackgroundIntelligentTransfer.Management.ni.dll
+ 2012-05-15 22:21 . 2012-05-15 22:21 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\d66bc03eb7eae89b4dde2d09eda1414f\dfsvc.ni.exe
+ 2012-05-15 22:21 . 2012-05-15 22:21 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-05-14 21:00 . 2012-05-14 21:00 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-05-14 21:00 . 2012-05-14 21:00 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-05-18 21:42 . 2012-05-18 21:42 9216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\5d0529cca67ada47749f5373ae050a4a\System.Xml.Serialization.ni.dll
+ 2012-05-15 22:24 . 2012-05-15 22:24 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\1361a05238cfe45d7da6cb4b367a986c\dfsvc.ni.exe
- 2012-04-19 21:06 . 2012-04-19 21:06 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-05-14 21:00 . 2012-05-14 21:00 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-04-19 21:06 . 2012-04-19 21:06 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-04-19 21:06 . 2012-04-19 21:06 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-04-05 22:13 . 2012-04-05 22:13 299080 c:\windows\system32\XPSViewer\XPSViewer.exe
- 2001-08-23 12:00 . 2012-04-19 21:07 502826 c:\windows\system32\perfh009.dat
+ 2001-08-23 12:00 . 2012-05-14 21:00 502826 c:\windows\system32\perfh009.dat
+ 2012-05-05 14:44 . 2012-05-05 14:44 351904 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
+ 2012-05-05 14:44 . 2012-05-05 14:44 424096 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.dll
+ 2012-03-31 21:21 . 2012-05-05 14:44 257696 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2011-05-03 19:24 . 2012-05-15 22:00 115768 c:\windows\system32\FNTCACHE.DAT
- 2011-05-03 19:24 . 2012-04-22 16:23 115768 c:\windows\system32\FNTCACHE.DAT
+ 2012-01-19 12:08 . 2012-01-19 12:08 917272 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpftxt_v0400.dll
+ 2011-12-15 12:08 . 2011-12-15 12:08 182056 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll
+ 2011-12-15 12:08 . 2011-12-15 12:08 156440 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.dll
- 2011-11-21 22:31 . 2011-11-21 22:31 518400 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2011-12-15 12:08 . 2011-12-15 12:08 518400 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2011-12-15 12:08 . 2011-12-15 12:08 957200 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
- 2011-11-21 22:31 . 2011-11-21 22:31 957200 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
+ 2011-12-15 12:08 . 2011-12-15 12:08 386824 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
+ 2012-04-05 22:52 . 2012-04-05 22:52 131168 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2011-12-25 02:50 . 2011-12-25 02:50 389888 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-12-25 02:50 . 2011-12-25 02:50 364816 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-12-25 02:50 . 2011-12-25 02:50 989968 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-05-14 20:56 . 2012-05-14 20:56 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-05-14 20:56 . 2012-05-14 20:56 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-05-03 19:57 . 2011-05-03 19:57 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-05-14 21:01 . 2012-05-14 21:01 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-05-14 21:00 . 2012-05-14 21:00 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-05-14 20:53 . 2012-05-14 20:53 532480 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-05-03 19:57 . 2011-05-03 19:57 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-05-14 20:53 . 2012-05-14 20:53 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-05-14 21:00 . 2012-05-14 21:00 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-05-14 18:31 . 2012-02-09 15:43 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
+ 2008-04-14 01:00 . 2012-04-11 13:12 1862272 c:\windows\system32\dllcache\win32k.sys
+ 2011-05-03 19:47 . 2012-04-11 13:10 2192640 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2011-05-03 19:47 . 2012-04-11 12:35 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-07 18:02 . 2012-04-11 12:35 2069120 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2011-05-03 19:47 . 2012-04-11 13:14 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2012-01-19 12:08 . 2012-01-19 12:08 1369872 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll
+ 2012-01-19 12:08 . 2012-01-19 12:08 6429992 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll
+ 2012-01-19 12:08 . 2012-01-19 12:08 3790112 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll
+ 2011-12-15 12:08 . 2011-12-15 12:08 5029160 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
+ 2011-12-15 12:08 . 2011-12-15 12:08 3512072 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
- 2011-11-21 22:31 . 2011-11-21 22:31 3512072 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
- 2011-11-21 22:31 . 2011-11-21 22:31 5201168 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-12-15 12:08 . 2011-12-15 12:08 5201168 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-12-15 12:08 . 2011-12-15 12:08 1143568 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
- 2011-11-21 22:31 . 2011-11-21 22:31 1143568 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
- 2011-11-21 22:31 . 2011-11-21 22:31 6727424 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2011-12-15 12:08 . 2011-12-15 12:08 6727424 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2011-12-25 02:50 . 2011-12-25 02:50 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2011-03-25 05:15 . 2011-03-25 05:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-12-25 02:50 . 2011-12-25 02:50 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2011-10-26 03:39 . 2011-10-26 03:39 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-12-25 02:50 . 2011-12-25 02:50 5913360 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2011-07-07 04:18 . 2011-07-07 04:18 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-12-25 02:50 . 2011-12-25 02:50 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2012-05-14 20:56 . 2012-05-14 20:56 1369872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 5029160 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-05-14 20:56 . 2012-05-14 20:56 6429992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 3790112 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-05-14 20:55 . 2012-05-14 20:55 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-04-19 21:03 . 2012-04-19 21:03 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-01-19 12:37 . 2012-01-19 12:37 8999936 c:\windows\Installer\5337e2.msp
+ 2011-05-03 19:47 . 2012-04-11 13:10 2192640 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2011-05-03 19:47 . 2012-04-11 12:35 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-07 18:02 . 2012-04-11 12:35 2069120 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2011-05-03 19:47 . 2012-04-11 13:14 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2012-05-14 20:56 . 2012-05-14 20:56 3858432 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dac2093a24d7582eaee5ebd24ba1d06a\WindowsBase.ni.dll
+ 2012-05-18 21:42 . 2012-05-18 21:42 1063424 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\551f143f078d91ce131d3007f16d0b19\UIAutomationClientsideProviders.ni.dll
+ 2012-05-14 20:52 . 2012-05-14 20:52 9091584 c:\windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll
+ 2012-05-14 20:52 . 2012-05-14 20:52 5617664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll
+ 2012-05-18 21:36 . 2012-05-18 21:36 1782272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a181199f8dec15116e1c2eb4a79ec22b\System.Xaml.ni.dll
+ 2012-05-18 21:42 . 2012-05-18 21:42 4587008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\0c4c4826beb82b5088f685523d3567ec\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-05-18 21:42 . 2012-05-18 21:42 1885696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\9c2da5bc8e93845d80dc6768efa78de7\System.Web.Services.ni.dll
+ 2012-05-18 21:42 . 2012-05-18 21:42 2012160 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\6f608e64178e985270abbf3b5776fcca\System.Speech.ni.dll
+ 2012-05-18 21:42 . 2012-05-18 21:42 1140736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\a4345e4ff74ec912a5219576049df7fe\System.ServiceModel.Discovery.ni.dll
+ 2012-05-18 21:42 . 2012-05-18 21:42 1393152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\509dab10fd00e66d750ac92101fa3d7b\System.ServiceModel.Activities.ni.dll
+ 2012-05-18 21:36 . 2012-05-18 21:36 2647040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\3fe3910474b3e2a08fca9b09330a74f7\System.Runtime.Serialization.ni.dll
+ 2012-05-18 21:36 . 2012-05-18 21:36 1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\ac5d04fd61df57da0f9976440a8c6c58\System.Runtime.DurableInstancing.ni.dll
+ 2012-05-18 21:37 . 2012-05-18 21:37 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\33f3848cc6829d74d7414cfd2752a179\System.Printing.ni.dll
+ 2012-05-18 21:40 . 2012-05-18 21:40 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\e72d56a0f58bcf95890614700f925609\System.Management.ni.dll
+ 2012-05-18 21:40 . 2012-05-18 21:40 1072640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\2f4ce144f88caf780421d66027355f77\System.IdentityModel.ni.dll
+ 2012-05-14 20:52 . 2012-05-14 20:52 1665536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5be779e4d55a04c3b86644505facbe9a\System.Drawing.ni.dll
+ 2012-05-18 21:37 . 2012-05-18 21:37 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\6cd7a0ee3583e91326c73ca8e934a99c\System.DirectoryServices.ni.dll
+ 2012-05-18 21:37 . 2012-05-18 21:37 1880064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\edfac26fdb2ed44310e9f22665a1ef95\System.Deployment.ni.dll
+ 2012-05-14 20:53 . 2012-05-14 20:53 6815232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\67065dc691dbf9574b3c8e5ac6ec5246\System.Data.ni.dll
+ 2012-05-14 20:52 . 2012-05-14 20:52 2550272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\e26c8064282712b32d529e521eabde5d\System.Data.SqlXml.ni.dll
+ 2012-05-18 21:40 . 2012-05-18 21:40 1343488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\743d8f183ebfb457d773fc178bdf450d\System.Data.Services.Client.ni.dll
+ 2012-05-14 20:52 . 2012-05-14 20:52 2517504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\dd5b1a261ce2d2206cdd187666ff0246\System.Data.Linq.ni.dll
+ 2012-05-14 20:52 . 2012-05-14 20:52 7069184 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll
+ 2012-05-18 21:37 . 2012-05-18 21:37 4129280 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\5efc7ead86507fe65d83cde64c1f659d\System.Activities.ni.dll
+ 2012-05-18 21:38 . 2012-05-18 21:38 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\12935eb9d9d2967fbde3ee5bb6b23a4b\System.Activities.Presentation.ni.dll
+ 2012-05-18 21:37 . 2012-05-18 21:37 1546752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\3dc813516761fde757cba8adfbe86bd7\System.Activities.Core.Presentation.ni.dll
+ 2012-05-18 21:37 . 2012-05-18 21:37 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\913d7bd3ff289060005a1de83284a7ab\ReachFramework.ni.dll
+ 2012-05-18 21:35 . 2012-05-18 21:35 1641984 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\a715b7b6bf6fc0b8d2ede1d02fb5cf9d\PresentationUI.ni.dll
+ 2012-05-15 22:24 . 2012-05-15 22:24 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\f6cf3977264d8c5bdc613da0f55da575\Microsoft.VisualBasic.ni.dll
+ 2012-05-15 22:24 . 2012-05-15 22:24 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\8b670069b8d6cd402bef08a90b42b0be\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-05-15 22:24 . 2012-05-15 22:24 1136640 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\4c73682b6f7c4b669afa4c3b6cd33a89\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-05-15 22:24 . 2012-05-15 22:24 1085952 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\15e239f82d2be50ebf7b4ab8364d4320\Microsoft.Transactions.Bridge.ni.dll
+ 2012-05-18 21:40 . 2012-05-18 21:40 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\d58c3dcfe00d95d9b397cd0d3d5db5a7\Microsoft.JScript.ni.dll
+ 2012-05-14 20:52 . 2012-05-14 20:52 1616896 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\4bacbc23cd4c0841cf4c18399b30b63c\Microsoft.CSharp.ni.dll
+ 2012-05-14 21:01 . 2012-05-14 21:01 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
+ 2012-05-15 22:03 . 2012-05-15 22:03 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\41a81b97625c113b591ed082c95276e2\UIAutomationClientsideProviders.ni.dll
+ 2012-05-14 21:01 . 2012-05-14 21:01 7953408 c:\windows\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
+ 2012-05-15 22:03 . 2012-05-15 22:03 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
+ 2012-05-15 22:24 . 2012-05-15 22:24 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\33fa6a2055bf857bff2e31020279b5e9\System.WorkflowServices.ni.dll
+ 2012-05-15 22:24 . 2012-05-15 22:24 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5eccf6fef6bee8a2f93bc65ff33699bb\System.Workflow.Runtime.ni.dll
+ 2012-05-15 22:24 . 2012-05-15 22:24 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\62bd2e1bf98b04ceca2102c8f54aab9d\System.Workflow.ComponentModel.ni.dll
+ 2012-05-15 22:24 . 2012-05-15 22:24 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\8215548b3d4aabbaa0557ab747700778\System.Workflow.Activities.ni.dll
+ 2012-05-15 22:23 . 2012-05-15 22:24 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\3e11aea7d742b5eddbd0b6bd1012f7df\System.Web.Services.ni.dll
+ 2012-05-15 22:23 . 2012-05-15 22:23 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\ff995dde9cd34ff1e8ac7ab55fc92d32\System.Web.Mobile.ni.dll
+ 2012-05-15 22:23 . 2012-05-15 22:23 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\8899d1091e64a4d0b6ae69060197091a\System.Web.Extensions.ni.dll
+ 2012-05-15 22:03 . 2012-05-15 22:03 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5efb50c91f3c5e49be2079f625d933b7\System.Speech.ni.dll
+ 2012-05-15 22:23 . 2012-05-15 22:23 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\97d635f5c656ae43d94b55e67fc4ab50\System.ServiceModel.Web.ni.dll
+ 2012-05-15 22:03 . 2012-05-15 22:03 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\505e12638acd6fdb22e1fd2d4c6fc232\System.Runtime.Serialization.ni.dll
+ 2012-05-15 22:03 . 2012-05-15 22:03 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\1d6707a5a9da16c1d1b88529837884d6\System.Printing.ni.dll
+ 2012-05-15 22:23 . 2012-05-15 22:23 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\f25092440577f2a71941aa2b2856c2c7\System.Management.Automation.ni.dll
+ 2012-05-15 22:03 . 2012-05-15 22:03 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\e09496ddb2bf6f3b69707924f2e6b5ff\System.IdentityModel.ni.dll
+ 2012-05-15 22:03 . 2012-05-15 22:03 1591808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll
+ 2012-05-15 22:23 . 2012-05-15 22:23 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\b55887436d2cfbe1fb32dd18d554185b\System.DirectoryServices.ni.dll
+ 2012-05-15 22:23 . 2012-05-15 22:23 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\832196527f0497078f085eaf9189265f\System.Deployment.ni.dll
+ 2012-05-15 22:02 . 2012-05-15 22:02 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
+ 2012-05-15 22:21 . 2012-05-15 22:21 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\982b508698278c6ffb3d143bbe1e8bb8\System.Data.SqlXml.ni.dll
+ 2012-05-15 22:23 . 2012-05-15 22:23 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\2de7666b1cd0a1bc363726c9553dc39c\System.Data.Services.ni.dll
+ 2012-05-15 22:03 . 2012-05-15 22:03 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\44a5fc9e7c71b1fe1e2c79b03ecc3bc7\System.Data.Linq.ni.dll
+ 2012-05-15 22:23 . 2012-05-15 22:23 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\ca63096c1ecf977f509e2a565f4bcdac\System.Data.Entity.ni.dll
+ 2012-05-14 21:02 . 2012-05-14 21:02 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll
+ 2012-05-14 21:01 . 2012-05-14 21:01 2146304 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\2ecefd16184a78f19aaf0f02cc0a7e1f\ReachFramework.ni.dll
+ 2012-05-14 21:01 . 2012-05-14 21:01 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\51204805c71113e0db2103faa064b313\PresentationUI.ni.dll
+ 2012-05-14 21:01 . 2012-05-14 21:01 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\4ff6600c1fd3415ef0b058cf28814cb6\PresentationBuildTasks.ni.dll
+ 2012-05-15 22:22 . 2012-05-15 22:22 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b49dd780ba8e3501b0adcf108b431e7b\Microsoft.VisualBasic.ni.dll
+ 2012-05-15 22:04 . 2012-05-15 22:04 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\42145ebf75f77cabad442f0801a81c64\Microsoft.Transactions.Bridge.ni.dll
+ 2012-05-15 22:22 . 2012-05-15 22:22 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\6ef3cb9cb1e78e9dbe83ca39962e45a1\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-05-15 22:22 . 2012-05-15 22:22 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\1f7181b3c8e821962f8d688aa0601af0\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-05-15 22:22 . 2012-05-15 22:22 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\19c7aa1b140e849d78797fd27ca3cb36\Microsoft.PowerShell.Editor.ni.dll
+ 2012-05-15 22:23 . 2012-05-15 22:23 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\cfe15312373b4668398404b5822bab7d\Microsoft.JScript.ni.dll
+ 2012-05-15 22:22 . 2012-05-15 22:22 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\f3fcd65eca42d13b746cf3f5bd993ee0\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-05-15 22:21 . 2012-05-15 22:21 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\2091903cd9b359e96f05ac2d6d25ef4e\Microsoft.Build.Tasks.ni.dll
+ 2012-05-15 22:21 . 2012-05-15 22:21 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5aa63a1cb41e3a5e1e8ed17072e60ec3\Microsoft.Build.Engine.ni.dll
+ 2012-05-14 20:53 . 2012-05-14 20:53 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2011-05-03 20:59 . 2011-05-03 20:59 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-05-14 21:00 . 2012-05-14 21:00 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-05-14 20:53 . 2012-05-14 20:53 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-05-14 20:59 . 2012-05-14 20:59 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-05-14 21:00 . 2012-05-14 21:00 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-05-14 20:53 . 2012-05-14 20:53 4214784 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-04-19 21:06 . 2012-04-19 21:06 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-05-14 21:00 . 2012-05-14 21:00 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-05-03 20:27 . 2012-05-14 21:00 55656824 c:\windows\system32\MRT.exe
+ 2012-04-06 01:12 . 2012-04-06 01:12 15709696 c:\windows\Installer\5337ff.msp
+ 2012-01-04 01:25 . 2012-01-04 01:25 17751552 c:\windows\Installer\5337ef.msp
+ 2012-04-06 02:13 . 2012-04-06 02:13 16527872 c:\windows\Installer\5337d6.msp
+ 2011-12-15 12:40 . 2011-12-15 12:40 23374336 c:\windows\Installer\5337ca.msp
+ 2012-05-14 20:53 . 2012-05-14 20:53 13197312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\71109720564155295fbaaff1202a33c0\System.Windows.Forms.ni.dll
+ 2012-05-18 21:41 . 2012-05-18 21:41 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\4f8ecf03aa4a4165e6850d1d67dc445f\System.ServiceModel.ni.dll
+ 2012-05-18 21:40 . 2012-05-18 21:40 13345792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\31df9a0b86a3259cb02bbe741e501b85\System.Data.Entity.ni.dll
+ 2012-05-14 20:57 . 2012-05-14 20:57 18000896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\142c428042c2dba4d5ac72495142f58c\PresentationFramework.ni.dll
+ 2012-05-14 20:56 . 2012-05-14 20:56 11451904 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\5c18a8cca40f5abb3617826e529a4be9\PresentationCore.ni.dll
+ 2012-05-14 20:52 . 2012-05-14 20:52 14413824 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll
+ 2012-05-15 22:03 . 2012-05-15 22:03 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll
+ 2012-05-15 22:23 . 2012-05-15 22:23 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\7861cd979ea5db3fb7d30ed94fb0edd2\System.Web.ni.dll
+ 2012-05-15 22:04 . 2012-05-15 22:04 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\bc254d2fa26664898ae21d45643bc194\System.ServiceModel.ni.dll
+ 2012-05-15 22:03 . 2012-05-15 22:03 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\a9256d2ad7e4be2bbb4e9b18c3997b84\System.Design.ni.dll
+ 2012-05-14 21:01 . 2012-05-14 21:01 14329856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5b8ff47c1db373a2a4c638ca31988bd2\PresentationFramework.ni.dll
+ 2012-05-14 21:01 . 2012-05-14 21:01 12218368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\4eb3cd1f1d5a83617524a9dfb96a657d\PresentationCore.ni.dll
+ 2012-05-14 21:00 . 2012-05-14 21:00 11492352 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MyBusinessWorks]
@="{7e9e0c26-7e0a-12f7-a876-e1678917ad8d}"
[HKEY_CLASSES_ROOT\CLSID\{7e9e0c26-7e0a-12f7-a876-e1678917ad8d}]
2011-03-29 06:17 3424064 ----a-w- c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MyBusinessWorks2]
@="{5d606e62-8440-1151-0d25-e99829da7470}"
[HKEY_CLASSES_ROOT\CLSID\{5d606e62-8440-1151-0d25-e99829da7470}]
2011-03-29 06:17 3424064 ----a-w- c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MyBusinessWorks3]
@="{e19471c0-bfb1-d9a0-9377-161e1a848d0e}"
[HKEY_CLASSES_ROOT\CLSID\{e19471c0-bfb1-d9a0-9377-161e1a848d0e}]
2011-03-29 06:17 3424064 ----a-w- c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACU"="c:\program files\Atheros\ACU.exe" [2009-03-06 479320]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2008-03-04 360448]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MozyPro Status.lnk - c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe [2011-3-29 3571520]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 18:43 69632 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 05:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 16:05 184320 ----a-w- c:\program files\Daemon Virtual Drive\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-05 11:34 162328 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-05 11:34 141848 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 00:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-05 11:34 137752 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 524288 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-01-29 15:47 16859648 ----a-w- c:\windows\RTHDCPL.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management 
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [07/05/2011 13:38 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [07/05/2011 13:38 5248]
R1 MyBusinessWorksFilter;MyBusinessWorksFilter;c:\windows\system32\drivers\MyBusinessWorks.sys [14/05/2011 15:00 54776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]
R2 MyBusinessWorksbackup;MozyPro Backup Service;c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe [29/03/2011 07:17 46912]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [03/05/2011 22:42 5888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/05/2011 14:01 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [31/03/2012 22:21 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15/05/2011 14:01 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14/04/2008 06:42 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 14:44]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-15 13:01]
.
2012-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-15 13:01]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/logi...ap2e6CwWSb86QVdqk-&.done=http://uk.yahoo.com/
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-04 13:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2416)
c:\windows\system32\WININET.dll
c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksshell.dll
c:\program files\MozyPro (Corporate Edition)\LIBEAY32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\System32\vssvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-06-04 13:42:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-04 12:42
ComboFix2.txt 2012-04-30 22:24
ComboFix3.txt 2012-04-30 22:16
ComboFix4.txt 2012-04-24 19:24
ComboFix5.txt 2012-06-04 12:30
.
Pre-Run: 41,007,083,520 bytes free
Post-Run: 41,397,092,352 bytes free
.
- - End Of File - - 2DA90BB392D2B6883F578B27845C90F4


----------



## Kronos2401 (Mar 31, 2012)

Eddie,

As instructed, the latest SystemLookup file. Thanks.


----------



## eddie5659 (Mar 19, 2001)

We're making some headway by the looks of it 

Do you know what this file is:

c:\documents and settings\derek\*99*

It may be shown differently on your system; Notepad sometimes can't translate the letters.

If so, that's fine.

--

We still have a few to remove, and a few I'm curious about, so can you do the following for me:

You can still use the same Combofix, but can you delete the copy of CFScript that you have, and create a new one as below, and drag/drop and post the log as you did before:



> File::
> c:\documents and settings\derek\local settings\application data\bnxbxwgj.log
> c:\documents and settings\derek\local settings\application data\tpyfnrir.log
> c:\documents and settings\derek\local settings\application data\uimqgfvs.log
> ...


-------------

After doing that, can you run SystemLook using the below, and post the log again:


```
:dir
c:\windows\system32\1025 /sub
c:\windows\system32\1028 /sub
c:\windows\system32\1031 /sub
c:\windows\system32\1033 /sub
c:\windows\system32\1037 /sub
c:\windows\system32\1041 /sub
c:\windows\system32\1042 /sub
c:\windows\system32\1054 /sub
c:\windows\system32\2052 /sub
c:\windows\system32\3076 /sub
:filefind
*MICORSOFT*
:folderfind
*MICORSOFT*
```
===================================

After doing the above, can you update MBAM, and run a full scan, and post the log here.

eddie


----------



## Kronos2401 (Mar 31, 2012)

Eddie, I have no idea what that Y99Y file is.

================================
ComboFix 12-06-03.05 - Derek 08/06/2012 20:22:26.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1586 [GMT 1:00]
Running from: c:\documents and settings\Derek\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Derek\Desktop\CFScript.txt
* Created a new restore point
.
FILE ::
"c:\documents and settings\derek\local settings\application data\bnxbxwgj.log"
"c:\documents and settings\derek\local settings\application data\tpyfnrir.log"
"c:\documents and settings\derek\local settings\application data\uimqgfvs.log"
"c:\documents and settings\derek\local settings\application data\wwvngfkl.log"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\derek\local settings\application data\bnxbxwgj.log
c:\documents and settings\derek\local settings\application data\tpyfnrir.log
c:\documents and settings\derek\local settings\application data\uimqgfvs.log
c:\documents and settings\derek\local settings\application data\wwvngfkl.log
.
.
((((((((((((((((((((((((( Files Created from 2012-05-08 to 2012-06-08 )))))))))))))))))))))))))))))))
.
.
2012-05-14 19:06 . 2012-05-14 19:06 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2008-04-14 05:41 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-05 14:44 . 2012-03-31 21:21 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 14:44 . 2012-01-24 16:50 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 2008-04-14 00:54 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2008-04-14 01:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-18 11:39 . 2012-03-18 11:39 388096 ----a-r- c:\documents and settings\Derek\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-05-02 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-06-04_12.40.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-08 18:22 . 2012-06-08 18:22 16384 c:\windows\Temp\Perflib_Perfdata_26c.dat
+ 2008-04-14 05:41 . 2012-05-31 13:22 599040 c:\windows\system32\dllcache\crypt32.dll
- 2008-04-14 05:41 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MyBusinessWorks]
@="{7e9e0c26-7e0a-12f7-a876-e1678917ad8d}"
[HKEY_CLASSES_ROOT\CLSID\{7e9e0c26-7e0a-12f7-a876-e1678917ad8d}]
2011-03-29 06:17 3424064 ----a-w- c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MyBusinessWorks2]
@="{5d606e62-8440-1151-0d25-e99829da7470}"
[HKEY_CLASSES_ROOT\CLSID\{5d606e62-8440-1151-0d25-e99829da7470}]
2011-03-29 06:17 3424064 ----a-w- c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MyBusinessWorks3]
@="{e19471c0-bfb1-d9a0-9377-161e1a848d0e}"
[HKEY_CLASSES_ROOT\CLSID\{e19471c0-bfb1-d9a0-9377-161e1a848d0e}]
2011-03-29 06:17 3424064 ----a-w- c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACU"="c:\program files\Atheros\ACU.exe" [2009-03-06 479320]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2008-03-04 360448]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MozyPro Status.lnk - c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe [2011-3-29 3571520]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 18:43 69632 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 05:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 16:05 184320 ----a-w- c:\program files\Daemon Virtual Drive\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-05 11:34 162328 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-05 11:34 141848 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 00:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-05 11:34 137752 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 524288 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-01-29 15:47 16859648 ----a-w- c:\windows\RTHDCPL.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management 
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [07/05/2011 13:38 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [07/05/2011 13:38 5248]
R1 MyBusinessWorksFilter;MyBusinessWorksFilter;c:\windows\system32\drivers\MyBusinessWorks.sys [14/05/2011 15:00 54776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]
R2 MyBusinessWorksbackup;MozyPro Backup Service;c:\program files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe [29/03/2011 07:17 46912]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [03/05/2011 22:42 5888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/05/2011 14:01 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [31/03/2012 22:21 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15/05/2011 14:01 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14/04/2008 06:42 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 14:44]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-15 13:01]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-15 13:01]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/logi...ap2e6CwWSb86QVdqk-&.done=http://uk.yahoo.com/
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-08 20:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(924)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-06-08 20:28:18
ComboFix-quarantined-files.txt 2012-06-08 19:28
ComboFix2.txt 2012-06-04 12:42
ComboFix3.txt 2012-04-30 22:24
ComboFix4.txt 2012-04-30 22:16
ComboFix5.txt 2012-06-08 19:21
.
Pre-Run: 41,324,183,552 bytes free
Post-Run: 41,354,874,880 bytes free
.
- - End Of File - - E7B9BA9BA0D6F5268FFA566DAD55DA15


----------



## Kronos2401 (Mar 31, 2012)

SystemLook 30.07.11 by jpshortstuff
Log created at 20:36 on 08/06/2012 by Derek
Administrator - Elevation successful
========== dir ==========
c:\windows\system32\1025 - Parameters: "/sub"
---Files---
None found.
No folders found.
c:\windows\system32\1028 - Parameters: "/sub"
---Files---
None found.
No folders found.
c:\windows\system32\1031 - Parameters: "/sub"
---Files---
None found.
No folders found.
c:\windows\system32\1033 - Parameters: "/sub"
---Files---
dwintl.dll --a---- 55632 bytes [12:00 23/08/2001] [12:00 23/08/2001]
No folders found.
c:\windows\system32\1037 - Parameters: "/sub"
---Files---
None found.
No folders found.
c:\windows\system32\1041 - Parameters: "/sub"
---Files---
None found.
No folders found.
c:\windows\system32\1042 - Parameters: "/sub"
---Files---
None found.
No folders found.
c:\windows\system32\1054 - Parameters: "/sub"
---Files---
None found.
No folders found.
c:\windows\system32\2052 - Parameters: "/sub"
---Files---
None found.
No folders found.
c:\windows\system32\3076 - Parameters: "/sub"
---Files---
None found.
No folders found.
========== filefind ==========
Searching for "*MICORSOFT*"
C:\Qoobox\Quarantine\Registry_backups\Legacy_MICORSOFT_WINDOWS_SERVICE.reg.dat --a---- 1514 bytes [21:17 13/04/2012] [22:10 30/04/2012] F78BD467B3451E66B267EA4B37CEE730
C:\Qoobox\Quarantine\Registry_backups\Service_Micorsoft Windows Service.reg.dat --a---- 2888 bytes [21:17 13/04/2012] [22:10 30/04/2012] 8AA8196C8058931E1BEE253595CA9736
========== folderfind ==========
Searching for "*MICORSOFT*"
No folders found.
-= EOF =-


----------



## Kronos2401 (Mar 31, 2012)

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.08.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Derek :: EQUIUM [administrator]
08/06/2012 21:38:57
mbam-log-2012-06-08 (21-38-57).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 263471
Time elapsed: 52 minute(s), 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)


----------



## eddie5659 (Mar 19, 2001)

Sorry for the lateness, my own computer has been having problems the past few days 

This isn't a file, but a folder:

*c:\documents and settings\derek\Ÿ9Ÿ9*

So, let's see what's in it, if anything. Re-run SystemLook, and use the following code:


```
:dir
c:\documents and settings\derek\&#376;9&#376;9 /sub
```
Then, can you delete the copy of OTL you have, and get a fresh one from here:

Download *OTL* to your Desktop


- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two Notepad windows: *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
- Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post them in your topic.


You may only get the one log, which is fine


----------



## Kronos2401 (Mar 31, 2012)

SystemLook 30.07.11 by jpshortstuff
Log created at 22:53 on 15/06/2012 by Derek
Administrator - Elevation successful
========== dir ==========
c:\documents and settings\derek\&#376;9&#376;9 - Unable to find folder.
-= EOF =-


----------



## Kronos2401 (Mar 31, 2012)

OTL logfile created on: 15/06/2012 23:04:03 - Run 6
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\Derek\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 78.28% Memory free
3.83 Gb Paging File | 3.54 Gb Available in Paging File | 92.38% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.74 Gb Total Space | 36.67 Gb Free Space | 65.78% Space Free | Partition Type: NTFS
Drive D: | 54.58 Gb Total Space | 15.23 Gb Free Space | 27.89% Space Free | Partition Type: NTFS

Computer Name: EQUIUM | User Name: Derek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/15 22:54:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
PRC - [2012/05/29 18:17:54 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/03/29 07:17:18 | 003,571,520 | ---- | M] (MyBusinessWorks) -- C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe
PRC - [2011/03/29 07:17:16 | 000,046,912 | ---- | M] (MyBusinessWorks) -- C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe
PRC - [2009/03/06 03:26:38 | 000,479,320 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\Atheros\ACU.exe
PRC - [2009/03/06 03:26:06 | 000,495,700 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 12:12:04 | 000,360,448 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
PRC - [2007/04/10 08:45:20 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - [2012/05/05 15:44:40 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/03/29 07:17:16 | 000,046,912 | ---- | M] (MyBusinessWorks) [Auto | Running] -- C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe -- (MyBusinessWorksbackup)
SRV - [2009/03/06 03:26:06 | 000,495,700 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2007/04/10 08:45:20 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Derek\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/05/23 18:49:30 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/02 06:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/06/02 06:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/06/02 06:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2011/03/29 07:17:10 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MyBusinessWorks.sys -- (MyBusinessWorksFilter)
DRV - [2010/07/06 03:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/09/30 15:17:02 | 001,585,728 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/16 23:19:44 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2008/01/30 12:28:36 | 004,725,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/04 08:56:48 | 000,005,888 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/logi...ap2e6CwWSb86QVdqk-&.done=http://uk.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {90ECF758-E3C9-4D90-BC65-35A90D480B03}
IE - HKCU\..\SearchScopes\{4ADF8512-94DF-4582-A60D-6D2D0D0A6574}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{90ECF758-E3C9-4D90-BC65-35A90D480B03}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/05/04 23:10:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/05/04 23:10:01 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/06/08 20:26:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyPro Status.lnk = C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe (MyBusinessWorks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C27D94A-9E3D-4F0F-9232-EB531D577190}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECA2E087-C26F-4614-89F4-A5E9B371EE46}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/03 19:35:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/15 22:54:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/06/14 19:51:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Local Settings\Application Data\PCHealth
[2012/06/10 23:01:26 | 000,136,808 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadmdm.sys
[2012/06/10 23:01:26 | 000,012,776 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadmdfl.sys
[2012/06/10 23:01:26 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadcmnt.sys
[2012/06/10 23:01:25 | 000,121,064 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadbus.sys
[2012/06/10 23:01:25 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadwhnt.sys
[2012/06/10 22:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Local Settings\Application Data\Samsung
[2012/06/10 22:39:54 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadcm.sys
[2012/06/10 22:39:53 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadwh.sys
[2012/06/10 22:38:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Samsung
[2012/06/10 22:38:54 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Redemption.dll
[2012/06/10 22:38:40 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\WINDOWS\System32\dgderapi.dll
[2012/06/10 22:38:40 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\WINDOWS\System32\drivers\dgderdrv.sys
[2012/06/10 22:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2012/06/10 22:34:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/10 22:29:08 | 092,939,360 | ---- | C] (Samsung Electronics Co., Ltd. ) -- C:\Documents and Settings\Derek\Desktop\Kies_2.3.2.12054_19_1.exe
[2012/06/04 13:25:35 | 004,536,354 | R--- | C] (Swearware) -- C:\Documents and Settings\Derek\Desktop\ComboFix.exe
[2012/06/02 14:56:44 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
[2012/05/29 00:38:50 | 000,330,240 | ---- | C] ((주)마크애니) -- C:\WINDOWS\MASetupCaller.dll
[2012/05/23 18:49:34 | 000,090,112 | ---- | C] ((주)마크애니) -- C:\WINDOWS\MAMCityDownload.ocx
[2012/05/23 18:49:32 | 000,569,344 | ---- | C] ((c) MusicCity) -- C:\WINDOWS\System32\muzdecode.ax
[2012/05/23 18:49:32 | 000,491,520 | ---- | C] (Musiccity Co.Ltd.) -- C:\WINDOWS\System32\muzapp.dll
[2012/05/23 18:49:32 | 000,352,256 | ---- | C] (Sample Corporation) -- C:\WINDOWS\System32\MSLUR71.dll
[2012/05/23 18:49:32 | 000,258,048 | ---- | C] ((c) PeeringPortal) -- C:\WINDOWS\System32\muzoggsp.ax
[2012/05/23 18:49:32 | 000,245,760 | ---- | C] (Teruten Inc.) -- C:\WINDOWS\System32\MSCLib.dll
[2012/05/23 18:49:32 | 000,200,704 | ---- | C] ( (c) MusicCity) -- C:\WINDOWS\System32\muzwmts.dll
[2012/05/23 18:49:32 | 000,172,032 | ---- | C] (Musiccity Co.Ltd.) -- C:\WINDOWS\System32\muzapp.exe
[2012/05/23 18:49:32 | 000,155,648 | ---- | C] (Teruten Inc.) -- C:\WINDOWS\System32\MSFLib.dll
[2012/05/23 18:49:32 | 000,135,168 | ---- | C] (Musiccity Co.Ltd.) -- C:\WINDOWS\System32\muzaf1.dll
[2012/05/23 18:49:32 | 000,131,072 | ---- | C] ((c) MusicCity) -- C:\WINDOWS\System32\muzmpgsp.ax
[2012/05/23 18:49:32 | 000,122,880 | ---- | C] ((c) MUSICCITY) -- C:\WINDOWS\System32\muzeffect.ax
[2012/05/23 18:49:32 | 000,118,784 | ---- | C] ((주)마크애니) -- C:\WINDOWS\System32\MaDRM.dll
[2012/05/23 18:49:32 | 000,110,592 | ---- | C] ((c) MusicCity) -- C:\WINDOWS\System32\muzmp4sp.ax
[2012/05/23 18:49:32 | 000,057,344 | ---- | C] (Marktek) -- C:\WINDOWS\System32\MK_Lyric.dll
[2012/05/23 18:49:32 | 000,057,344 | ---- | C] (Marktek Inc.) -- C:\WINDOWS\System32\MTXSYNCICON.dll
[2012/05/23 18:49:32 | 000,049,152 | ---- | C] ((주) 마크애니) -- C:\WINDOWS\System32\MaJGUILib.dll
[2012/05/23 18:49:32 | 000,045,320 | ---- | C] (MARKANY) -- C:\WINDOWS\System32\MAMACExtract.dll
[2012/05/23 18:49:32 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\WINDOWS\System32\MaXMLProto.dll
[2012/05/23 18:49:32 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\WINDOWS\System32\MACXMLProto.dll
[2012/05/23 18:49:32 | 000,040,960 | ---- | C] (Telechips Inc.,) -- C:\WINDOWS\System32\MTTELECHIP.dll
[2012/05/23 18:49:32 | 000,024,576 | ---- | C] ((주)마크애니) -- C:\WINDOWS\System32\MASetupCleaner.exe

========== Files - Modified Within 30 Days ==========

[2012/06/15 22:54:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
[2012/06/15 22:49:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/15 22:49:11 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/15 22:48:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/14 23:44:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/14 23:31:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/14 19:45:12 | 000,115,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/14 00:00:19 | 000,502,826 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/14 00:00:19 | 000,087,126 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/13 23:48:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/10 23:19:13 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/10 22:41:20 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Samsung Kies.lnk
[2012/06/10 22:38:58 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\Derek\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/06/10 22:29:11 | 092,939,360 | ---- | M] (Samsung Electronics Co., Ltd. ) -- C:\Documents and Settings\Derek\Desktop\Kies_2.3.2.12054_19_1.exe
[2012/06/08 20:38:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/08 20:26:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/04 13:25:35 | 004,536,354 | R--- | M] (Swearware) -- C:\Documents and Settings\Derek\Desktop\ComboFix.exe
[2012/05/29 00:38:50 | 000,330,240 | ---- | M] ((주)마크애니) -- C:\WINDOWS\MASetupCaller.dll
[2012/05/23 18:50:06 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Redemption.dll
[2012/05/23 18:49:34 | 000,090,112 | ---- | M] ((주)마크애니) -- C:\WINDOWS\MAMCityDownload.ocx
[2012/05/23 18:49:34 | 000,030,568 | ---- | M] () -- C:\WINDOWS\MusiccityDownload.exe
[2012/05/23 18:49:32 | 000,974,848 | ---- | M] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012/05/23 18:49:32 | 000,569,344 | ---- | M] ((c) MusicCity) -- C:\WINDOWS\System32\muzdecode.ax
[2012/05/23 18:49:32 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\WINDOWS\System32\muzapp.dll
[2012/05/23 18:49:32 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\WINDOWS\System32\MSLUR71.dll
[2012/05/23 18:49:32 | 000,258,048 | ---- | M] ((c) PeeringPortal) -- C:\WINDOWS\System32\muzoggsp.ax
[2012/05/23 18:49:32 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\WINDOWS\System32\MSCLib.dll
[2012/05/23 18:49:32 | 000,200,704 | ---- | M] ( (c) MusicCity) -- C:\WINDOWS\System32\muzwmts.dll
[2012/05/23 18:49:32 | 000,172,032 | ---- | M] (Musiccity Co.Ltd.) -- C:\WINDOWS\System32\muzapp.exe
[2012/05/23 18:49:32 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\WINDOWS\System32\MSFLib.dll
[2012/05/23 18:49:32 | 000,143,360 | ---- | M] () -- C:\WINDOWS\System32\3DAudio.ax
[2012/05/23 18:49:32 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\WINDOWS\System32\muzaf1.dll
[2012/05/23 18:49:32 | 000,131,072 | ---- | M] ((c) MusicCity) -- C:\WINDOWS\System32\muzmpgsp.ax
[2012/05/23 18:49:32 | 000,122,880 | ---- | M] ((c) MUSICCITY) -- C:\WINDOWS\System32\muzeffect.ax
[2012/05/23 18:49:32 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\WINDOWS\System32\MaDRM.dll
[2012/05/23 18:49:32 | 000,110,592 | ---- | M] ((c) MusicCity) -- C:\WINDOWS\System32\muzmp4sp.ax
[2012/05/23 18:49:32 | 000,081,920 | ---- | M] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012/05/23 18:49:32 | 000,065,536 | ---- | M] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012/05/23 18:49:32 | 000,057,344 | ---- | M] (Marktek) -- C:\WINDOWS\System32\MK_Lyric.dll
[2012/05/23 18:49:32 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\WINDOWS\System32\MTXSYNCICON.dll
[2012/05/23 18:49:32 | 000,057,344 | ---- | M] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2012/05/23 18:49:32 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\WINDOWS\System32\MaJGUILib.dll
[2012/05/23 18:49:32 | 000,045,320 | ---- | M] (MARKANY) -- C:\WINDOWS\System32\MAMACExtract.dll
[2012/05/23 18:49:32 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\WINDOWS\System32\MaXMLProto.dll
[2012/05/23 18:49:32 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\WINDOWS\System32\MACXMLProto.dll
[2012/05/23 18:49:32 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\WINDOWS\System32\MTTELECHIP.dll
[2012/05/23 18:49:32 | 000,024,576 | ---- | M] ((주)마크애니) -- C:\WINDOWS\System32\MASetupCleaner.exe
[2012/05/23 18:49:30 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\WINDOWS\System32\dgderapi.dll
[2012/05/23 18:49:30 | 000,020,032 | ---- | M] (Devguru Co., Ltd) -- C:\WINDOWS\System32\drivers\dgderdrv.sys
[2012/05/18 22:17:00 | 136,025,416 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\setup_11.0.0.1245.x01_2012_05_18_23_08.exe

========== Files Created - No Company Name ==========

[2012/06/10 23:18:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/10 22:41:20 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Samsung Kies.lnk
[2012/06/10 22:38:58 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\Derek\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/05/23 18:49:34 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012/05/23 18:49:32 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012/05/23 18:49:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\3DAudio.ax
[2012/05/23 18:49:32 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012/05/23 18:49:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012/05/23 18:49:32 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2012/05/18 22:16:56 | 136,025,416 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\setup_11.0.0.1245.x01_2012_05_18_23_08.exe
[2012/04/24 19:58:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/24 19:58:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/24 19:58:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/24 19:58:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/24 19:58:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/19 22:01:44 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/02/23 23:30:43 | 000,476,090 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-117609710-682003330-1801674531-1003-0.dat
[2012/02/23 23:30:43 | 000,123,526 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/15 22:57:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/07/25 23:01:36 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/07/25 23:01:35 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/07/25 23:01:35 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/07/25 23:01:35 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2011/07/25 23:01:34 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/05/08 16:10:34 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/07 15:24:05 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/05/07 13:38:31 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2011/05/07 13:38:31 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2011/05/07 12:21:55 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2011/05/07 12:21:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2011/05/07 12:21:55 | 000,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2011/05/07 12:21:55 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2011/05/07 12:18:00 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Derek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/07 12:08:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/05/07 12:08:02 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2011/05/04 23:02:37 | 000,165,571 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2011/05/04 23:02:37 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2011/05/03 22:49:00 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2011/05/03 22:42:55 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2011/05/03 22:42:55 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[2011/05/03 22:35:53 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2011/05/03 20:25:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/03 20:24:21 | 000,115,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/03 20:11:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/05/03 20:06:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4833.dll
[2011/05/03 20:06:02 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2011/05/03 19:38:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/03 19:32:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== LOP Check ==========

[2011/05/05 22:24:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/09/01 11:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PurePlay
[2012/06/10 22:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2011/05/07 15:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/05/07 12:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/06/10 22:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\Samsung
[2011/05/05 23:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\WinBatch
[2011/05/03 20:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\Windows Desktop Search
[2011/05/05 22:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\Windows Search

========== Purity Check ==========

< End of report >


----------



## Kronos2401 (Mar 31, 2012)

Eddie, yes I only got the OTL and no EXTRA.txt.


----------



## eddie5659 (Mar 19, 2001)

Okay, it's looking a lot better now

This is a different tool to OTL. Very similar name, but called OTS 

Download *OTS* to your Desktop and double-click on it to run it 

Make sure you close all other programs and *don't* use the PC while the scan runs. 
Now click the *Run Scan* button on the toolbar. Make sure not to use the PC while the program is running or it will freeze. 
When the scan is complete Notepad will open with the report file loaded in it. 
Click the *Format* menu and make sure that *Wordwrap* is not checked. If it is then click on it to uncheck it. 
Use the Add Reply button and post the information back here in an *attachment*. I will review it when it comes in. The last line is *< End of Report >*, so make sure that is the last line in the attached report.

*Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way*


----------



## Kronos2401 (Mar 31, 2012)

```
OTS logfile created on: 22/06/2012 21:31:28 - Run 1
OTS by OldTimer - Version 3.1.47.2     Folder = C:\Documents and Settings\Derek\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.74 Gb Total Space | 36.29 Gb Free Space | 65.10% Space Free | Partition Type: NTFS
Drive D: | 54.58 Gb Total Space | 15.23 Gb Free Space | 27.89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: EQUIUM
Current User Name: Derek
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Derek\Desktop\OTS.exe -> [2012/06/22 21:30:07 | 000,646,656 | ---- | M] (OldTimer Tools)
kiespdlr.exe -> C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe -> [2012/05/29 18:18:06 | 000,021,432 | ---- | M] ()
kiestrayagent.exe -> C:\Program Files\Samsung\Kies\KiesTrayAgent.exe -> [2012/05/29 18:17:54 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.)
sascore.exe -> C:\Program Files\SUPERAntiSpyware\SASCore.exe -> [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com)
mybusinessworksstat.exe -> C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe -> [2011/03/29 07:17:18 | 003,571,520 | ---- | M] (MyBusinessWorks)
mybusinessworksbackup.exe -> C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe -> [2011/03/29 07:17:16 | 000,046,912 | ---- | M] (MyBusinessWorks)
acu.exe -> C:\Program Files\Atheros\ACU.exe -> [2009/03/06 03:26:38 | 000,479,320 | ---- | M] (Atheros Communications, Inc.)
acs.exe -> C:\WINDOWS\system32\acs.exe -> [2009/03/06 03:26:06 | 000,495,700 | ---- | M] (Atheros)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
thotkey.exe -> C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe -> [2008/03/04 12:12:04 | 000,360,448 | ---- | M] (TOSHIBA)
tappsrv.exe -> C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -> [2007/04/10 08:45:20 | 000,035,840 | ---- | M] (TOSHIBA Corp.)
 
[Modules - No Company Name]
system.windows.forms.ni.dll -> C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d55bed00e3d36b0db5bd3994c77fe850\System.Windows.Forms.ni.dll -> [2012/06/13 23:58:11 | 013,198,336 | ---- | M] ()
presentationframework.ni.dll -> C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\063174e87d258ef1db040cbfbdd4cd31\PresentationFramework.ni.dll -> [2012/06/13 23:53:05 | 018,019,840 | ---- | M] ()
presentationcore.ni.dll -> C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\984f8802a334d2ae862b66bf71332c10\PresentationCore.ni.dll -> [2012/06/13 23:52:40 | 011,522,048 | ---- | M] ()
windowsbase.ni.dll -> C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\697786bb51408d41d980263d90a56d03\WindowsBase.ni.dll -> [2012/06/13 23:52:23 | 003,881,984 | ---- | M] ()
system.drawing.ni.dll -> C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\9abdaeea6a61127606bbc324d9177579\System.Drawing.ni.dll -> [2012/06/13 23:52:20 | 001,666,048 | ---- | M] ()
system.runtime.remoting.ni.dll -> C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\367837cb7f83c9e52f09278f4e6c3ccd\System.Runtime.Remoting.ni.dll -> [2012/06/10 23:14:08 | 000,762,880 | ---- | M] ()
clisecurert.dll -> C:\Documents and Settings\Derek\Local Settings\temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll -> [2012/06/10 22:41:44 | 000,115,137 | ---- | M] ()
system.management.ni.dll -> C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\0189f9fb0ff0476b570aeadfc036ddd6\System.Management.ni.dll -> [2012/06/10 22:40:55 | 001,218,560 | ---- | M] ()
system.xaml.ni.dll -> C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\f91c92735c4a913143a0914c8cb531f2\System.Xaml.ni.dll -> [2012/06/10 22:40:25 | 001,782,272 | ---- | M] ()
presentationframework.luna.ni.dll -> C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\235bea2e40e40adb87a69b061d5b9cbf\PresentationFramework.Luna.ni.dll -> [2012/06/10 22:37:00 | 000,755,712 | ---- | M] ()
system.core.ni.dll -> C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\500ffaf6258746eaf0bfc333ab534a51\System.Core.ni.dll -> [2012/06/10 22:36:31 | 007,069,184 | ---- | M] ()
system.xml.ni.dll -> C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\b54a85f8f8f5ac297357c80b95834a90\System.Xml.ni.dll -> [2012/06/10 22:36:27 | 005,617,664 | ---- | M] ()
system.ni.dll -> C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\360d70391adff56f1d029b1a538d2431\System.ni.dll -> [2012/06/10 22:36:18 | 009,092,096 | ---- | M] ()
mscorlib.ni.dll -> C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\97d737762adec957a2d7c80fafb4703a\mscorlib.ni.dll -> [2012/06/10 22:36:07 | 014,415,360 | ---- | M] ()
kiespdlr.exe -> C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe -> [2012/05/29 18:18:06 | 000,021,432 | ---- | M] ()
 
[Win32 Services - Safe List]
(AdobeFlashPlayerUpdateSvc) Adobe Flash Player Update Service [On_Demand | Stopped] -> C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -> [2012/05/05 15:44:40 | 000,257,696 | ---- | M] (Adobe Systems Incorporated)
(!SASCORE) SAS Core Service [Auto | Running] -> C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -> [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com)
(MyBusinessWorksbackup) MozyPro Backup Service [Auto | Running] -> C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe -> [2011/03/29 07:17:16 | 000,046,912 | ---- | M] (MyBusinessWorks)
(ACS) Atheros Configuration Service [Auto | Running] -> C:\WINDOWS\system32\acs.exe -> [2009/03/06 03:26:06 | 000,495,700 | ---- | M] (Atheros)
(TAPPSRV) TOSHIBA Application Service [Auto | Running] -> C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -> [2007/04/10 08:45:20 | 000,035,840 | ---- | M] (TOSHIBA Corp.)
 
[Driver Services - Safe List]
(dgderdrv) dgderdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\dgderdrv.sys -> [2012/05/23 18:49:30 | 000,020,032 | ---- | M] (Devguru Co., Ltd)
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(ssadmdm) SAMSUNG Android USB Modem Drivers [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ssadmdm.sys -> [2011/06/02 06:47:22 | 000,136,808 | ---- | M] (MCCI Corporation)
(ssadbus) SAMSUNG Android USB Composite Device driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ssadbus.sys -> [2011/06/02 06:47:22 | 000,121,064 | ---- | M] (MCCI Corporation)
(ssadmdfl) SAMSUNG Android USB Modem (Filter) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ssadmdfl.sys -> [2011/06/02 06:47:22 | 000,012,776 | ---- | M] (MCCI Corporation)
(MyBusinessWorksFilter) MyBusinessWorksFilter [File_System | System | Running] -> C:\WINDOWS\system32\drivers\MyBusinessWorks.sys -> [2011/03/29 07:17:10 | 000,054,776 | ---- | M] (Mozy, Inc.)
(RTLE8023xp) Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Rtenicxp.sys -> [2010/07/06 03:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation                           )
(AR5416) Atheros AR5008 Wireless Network Adapter Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\athw.sys -> [2009/09/30 15:17:02 | 001,585,728 | ---- | M] (Atheros Communications, Inc.)
(WSIMD) wsimd Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\wsimd.sys -> [2009/03/16 23:19:44 | 000,058,208 | ---- | M] (Atheros Communications, Inc.)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.sys -> [2008/01/30 12:28:36 | 004,725,760 | ---- | M] (Realtek Semiconductor Corp.)
(FwLnk) FwLnk Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\FwLnk.sys -> [2007/04/04 08:56:48 | 000,005,888 | ---- | M] (TOSHIBA Corporation)
(AgereSoftModem) TOSHIBA V92 Software Modem [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\AGRSM.sys -> [2006/11/28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems)
(d347prt) d347prt [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\d347prt.sys -> [2004/08/22 16:31:48 | 000,005,248 | ---- | M] ( )
(d347bus) d347bus [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\d347bus.sys -> [2004/08/22 16:31:10 | 000,155,136 | ---- | M] ( )
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> https://login.yahoo.com/config/login?.src=fpctx&.intl=uk&.pd=c%3D6T7evjap2e6CwWSb86QVdqk-&.done=http%3A%2F%2Fuk.yahoo.com%2F -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON2] -> [2011/05/04 23:10:01 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
< HOSTS File > ([2012/06/08 20:26:53 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2006/01/12 20:38:22 | 000,063,128 | ---- | M] (Adobe Systems Incorporated)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"ACU" -> C:\Program Files\Atheros\ACU.exe ["C:\Program Files\Atheros\ACU.exe" -nogui] -> [2009/03/06 03:26:38 | 000,479,320 | ---- | M] (Atheros Communications, Inc.)
"KiesTrayAgent" -> C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [C:\Program Files\Samsung\Kies\KiesTrayAgent.exe] -> [2012/05/29 18:17:54 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.)
"THotkey" -> C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe [C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe] -> [2008/03/04 12:12:04 | 000,360,448 | ---- | M] (TOSHIBA)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"KiesAirMessage" ->  [C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup] -> File not found
"KiesHelper" -> C:\Program Files\Samsung\Kies\KiesHelper.exe [C:\Program Files\Samsung\Kies\KiesHelper.exe /s] -> [2012/05/29 18:17:52 | 000,958,392 | ---- | M] (Samsung)
"KiesPDLR" -> C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe] -> [2012/05/29 18:18:06 | 000,021,432 | ---- | M] ()
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyPro Status.lnk -> C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe -> [2011/03/29 07:17:18 | 003,571,520 | ---- | M] (MyBusinessWorks)
< Derek Startup Folder > -> C:\Documents and Settings\Derek\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [OnlineScanner Control] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.0.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{4C27D94A-9E3D-4F0F-9232-EB531D577190}\\DhcpNameServer -> 192.168.0.1   (Realtek PCIe FE Family Controller) -> 
{ECA2E087-C26F-4614-89F4-A5E9B371EE46}\\DhcpNameServer -> 192.168.0.1   (Atheros AR5006EX Wireless Network Adapter) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2008/04/14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -> [2011/05/04 18:54:14 | 000,551,296 | ---- | M] (SUPERAntiSpyware.com)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2011/07/19 01:02:18 | 000,113,024 | ---- | M] (SuperAdBlocker.com)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2008/07/01 00:06:02 | 000,107,864 | ---- | M] (Hewlett-Packard Co.)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2008/07/01 00:06:02 | 000,107,864 | ---- | M] (Hewlett-Packard Co.)
"C:\WINDOWS\system32\muzapp.exe" -> C:\WINDOWS\System32\muzapp.exe [C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player] -> [2012/05/23 18:49:32 | 000,172,032 | ---- | M] (Musiccity Co.Ltd.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2011/05/03 19:35:50 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Documents and Settings\Derek\Desktop\OTS.exe -> [2012/06/22 21:30:02 | 000,646,656 | ---- | C] (OldTimer Tools)
 RECYCLER -> C:\RECYCLER -> [2012/06/15 22:54:32 | 000,000,000 | -HSD | C]
 PCHealth -> C:\Documents and Settings\Derek\Local Settings\Application Data\PCHealth -> [2012/06/14 19:51:42 | 000,000,000 | ---D | C]
 jsdbgui.dll -> C:\WINDOWS\System32\dllcache\jsdbgui.dll -> [2012/06/13 23:13:04 | 000,521,728 | ---- | C] (Microsoft Corporation)
 ssadmdm.sys -> C:\WINDOWS\System32\drivers\ssadmdm.sys -> [2012/06/10 23:01:26 | 000,136,808 | ---- | C] (MCCI Corporation)
 ssadmdfl.sys -> C:\WINDOWS\System32\drivers\ssadmdfl.sys -> [2012/06/10 23:01:26 | 000,012,776 | ---- | C] (MCCI Corporation)
 ssadcmnt.sys -> C:\WINDOWS\System32\drivers\ssadcmnt.sys -> [2012/06/10 23:01:26 | 000,010,472 | ---- | C] (MCCI Corporation)
 ssadbus.sys -> C:\WINDOWS\System32\drivers\ssadbus.sys -> [2012/06/10 23:01:25 | 000,121,064 | ---- | C] (MCCI Corporation)
 ssadwhnt.sys -> C:\WINDOWS\System32\drivers\ssadwhnt.sys -> [2012/06/10 23:01:25 | 000,010,344 | ---- | C] (MCCI Corporation)
 Samsung -> C:\Documents and Settings\Derek\Local Settings\Application Data\Samsung -> [2012/06/10 22:41:40 | 000,000,000 | ---D | C]
 ssadcm.sys -> C:\WINDOWS\System32\drivers\ssadcm.sys -> [2012/06/10 22:39:54 | 000,010,472 | ---- | C] (MCCI Corporation)
 ssadwh.sys -> C:\WINDOWS\System32\drivers\ssadwh.sys -> [2012/06/10 22:39:53 | 000,010,344 | ---- | C] (MCCI Corporation)
 Samsung -> C:\Documents and Settings\All Users\Start Menu\Programs\Samsung -> [2012/06/10 22:38:58 | 000,000,000 | ---D | C]
 Redemption.dll -> C:\WINDOWS\System32\Redemption.dll -> [2012/06/10 22:38:54 | 004,659,712 | ---- | C] (Dmitry Streblechenko)
 dgderapi.dll -> C:\WINDOWS\System32\dgderapi.dll -> [2012/06/10 22:38:40 | 000,821,824 | ---- | C] (Devguru Co., Ltd.)
 dgderdrv.sys -> C:\WINDOWS\System32\drivers\dgderdrv.sys -> [2012/06/10 22:38:40 | 000,020,032 | ---- | C] (Devguru Co., Ltd)
 MarkAny -> C:\Program Files\MarkAny -> [2012/06/10 22:38:40 | 000,000,000 | ---D | C]
 Config.Msi -> C:\Config.Msi -> [2012/06/10 22:34:05 | 000,000,000 | -HSD | C]
 Kies_2.3.2.12054_19_1.exe -> C:\Documents and Settings\Derek\Desktop\Kies_2.3.2.12054_19_1.exe -> [2012/06/10 22:29:08 | 092,939,360 | ---- | C] (Samsung Electronics Co., Ltd.                                )
 ComboFix.exe -> C:\Documents and Settings\Derek\Desktop\ComboFix.exe -> [2012/06/04 13:25:35 | 004,536,354 | R--- | C] (Swearware)
 OTL.exe -> C:\Documents and Settings\Derek\Desktop\OTL.exe -> [2012/06/02 14:56:44 | 000,595,968 | ---- | C] (OldTimer Tools)
 MASetupCaller.dll -> C:\WINDOWS\MASetupCaller.dll -> [2012/05/29 00:38:50 | 000,330,240 | ---- | C] ((주)마크애니)
 
[Files/Folders - Modified Within 30 Days]
 GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2012/06/22 21:31:00 | 000,000,884 | ---- | M] ()
 OTS.exe -> C:\Documents and Settings\Derek\Desktop\OTS.exe -> [2012/06/22 21:30:07 | 000,646,656 | ---- | M] (OldTimer Tools)
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2012/06/22 21:04:38 | 000,002,206 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2012/06/22 21:03:01 | 000,000,880 | ---- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2012/06/22 21:02:41 | 000,002,048 | --S- | M] ()
 Adobe Flash Player Updater.job -> C:\WINDOWS\tasks\Adobe Flash Player Updater.job -> [2012/06/18 22:44:00 | 000,000,830 | ---- | M] ()
 d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2012/06/17 00:02:17 | 000,000,664 | ---- | M] ()
 OTL.exe -> C:\Documents and Settings\Derek\Desktop\OTL.exe -> [2012/06/15 22:54:49 | 000,595,968 | ---- | M] (OldTimer Tools)
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2012/06/14 19:45:12 | 000,115,768 | ---- | M] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2012/06/14 00:00:19 | 000,502,826 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2012/06/14 00:00:19 | 000,087,126 | ---- | M] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2012/06/13 23:48:57 | 000,001,374 | ---- | M] ()
 Samsung Kies.lnk -> C:\Documents and Settings\All Users\Desktop\Samsung Kies.lnk -> [2012/06/10 22:41:20 | 000,001,594 | ---- | M] ()
 Samsung Kies.lnk -> C:\Documents and Settings\Derek\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk -> [2012/06/10 22:38:58 | 000,001,612 | ---- | M] ()
 Kies_2.3.2.12054_19_1.exe -> C:\Documents and Settings\Derek\Desktop\Kies_2.3.2.12054_19_1.exe -> [2012/06/10 22:29:11 | 092,939,360 | ---- | M] (Samsung Electronics Co., Ltd.                                )
 Malwarebytes Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk -> [2012/06/08 20:38:44 | 000,000,784 | ---- | M] ()
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2012/06/08 20:26:53 | 000,000,027 | ---- | M] ()
 ComboFix.exe -> C:\Documents and Settings\Derek\Desktop\ComboFix.exe -> [2012/06/04 13:25:35 | 004,536,354 | R--- | M] (Swearware)
 crypt32.dll -> C:\WINDOWS\System32\dllcache\crypt32.dll -> [2012/05/31 14:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation)
 MASetupCaller.dll -> C:\WINDOWS\MASetupCaller.dll -> [2012/05/29 00:38:50 | 000,330,240 | ---- | M] ((주)마크애니)
 
[Files - No Company Name]
 d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2012/06/10 23:18:55 | 000,000,664 | ---- | C] ()
 Samsung Kies.lnk -> C:\Documents and Settings\All Users\Desktop\Samsung Kies.lnk -> [2012/06/10 22:41:20 | 000,001,594 | ---- | C] ()
 Samsung Kies.lnk -> C:\Documents and Settings\Derek\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk -> [2012/06/10 22:38:58 | 000,001,612 | ---- | C] ()
 MusiccityDownload.exe -> C:\WINDOWS\MusiccityDownload.exe -> [2012/05/23 18:49:34 | 000,030,568 | ---- | C] ()
 cis-2.4.dll -> C:\WINDOWS\System32\cis-2.4.dll -> [2012/05/23 18:49:32 | 000,974,848 | ---- | C] ()
 issacapi_bs-2.3.dll -> C:\WINDOWS\System32\issacapi_bs-2.3.dll -> [2012/05/23 18:49:32 | 000,081,920 | ---- | C] ()
 issacapi_pe-2.3.dll -> C:\WINDOWS\System32\issacapi_pe-2.3.dll -> [2012/05/23 18:49:32 | 000,065,536 | ---- | C] ()
 issacapi_se-2.3.dll -> C:\WINDOWS\System32\issacapi_se-2.3.dll -> [2012/05/23 18:49:32 | 000,057,344 | ---- | C] ()
 PEV.exe -> C:\WINDOWS\PEV.exe -> [2012/04/24 19:58:29 | 000,256,000 | ---- | C] ()
 MBR.exe -> C:\WINDOWS\MBR.exe -> [2012/04/24 19:58:29 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\WINDOWS\sed.exe -> [2012/04/24 19:58:29 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\WINDOWS\grep.exe -> [2012/04/24 19:58:29 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\WINDOWS\zip.exe -> [2012/04/24 19:58:29 | 000,068,096 | ---- | C] ()
 MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2012/04/19 22:01:44 | 000,000,127 | ---- | C] ()
 WPFFontCache_v0400-S-1-5-21-117609710-682003330-1801674531-1003-0.dat -> C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-117609710-682003330-1801674531-1003-0.dat -> [2012/02/23 23:30:43 | 000,477,344 | ---- | C] ()
 WPFFontCache_v0400-System.dat -> C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat -> [2012/02/23 23:30:43 | 000,123,526 | ---- | C] ()
 iacenc.dll -> C:\WINDOWS\System32\iacenc.dll -> [2012/02/15 22:57:56 | 000,003,072 | ---- | C] ()
 avisplitter.ini -> C:\WINDOWS\avisplitter.ini -> [2011/07/25 23:01:36 | 000,000,038 | ---- | C] ()
 xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2011/07/25 23:01:35 | 000,650,752 | ---- | C] ()
 xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2011/07/25 23:01:35 | 000,243,200 | ---- | C] ()
 lagarith.dll -> C:\WINDOWS\System32\lagarith.dll -> [2011/07/25 23:01:35 | 000,216,064 | ---- | C] ( )
 ff_vfw.dll -> C:\WINDOWS\System32\ff_vfw.dll -> [2011/07/25 23:01:34 | 000,074,752 | ---- | C] ()
 NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2011/05/08 16:10:34 | 000,000,116 | ---- | C] ()
 unrar.dll -> C:\WINDOWS\System32\unrar.dll -> [2011/05/07 15:24:05 | 000,175,616 | ---- | C] ()
 d347bus.sys -> C:\WINDOWS\System32\drivers\d347bus.sys -> [2011/05/07 13:38:31 | 000,155,136 | ---- | C] ( )
 d347prt.sys -> C:\WINDOWS\System32\drivers\d347prt.sys -> [2011/05/07 13:38:31 | 000,005,248 | ---- | C] ( )
 csellang.ini -> C:\WINDOWS\System32\csellang.ini -> [2011/05/07 12:21:55 | 000,128,113 | ---- | C] ()
 csellang.dll -> C:\WINDOWS\System32\csellang.dll -> [2011/05/07 12:21:55 | 000,045,056 | ---- | C] ()
 tosmreg.ini -> C:\WINDOWS\System32\tosmreg.ini -> [2011/05/07 12:21:55 | 000,010,150 | ---- | C] ()
 cseltbl.ini -> C:\WINDOWS\System32\cseltbl.ini -> [2011/05/07 12:21:55 | 000,007,671 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Derek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/05/07 12:18:00 | 000,015,872 | ---- | C] ()
 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2011/05/07 12:08:02 | 000,000,376 | ---- | C] ()
 mdm.ini -> C:\WINDOWS\mdm.ini -> [2011/05/07 12:08:02 | 000,000,063 | ---- | C] ()
 hpoins28.dat -> C:\WINDOWS\hpoins28.dat -> [2011/05/04 23:02:37 | 000,165,571 | ---- | C] ()
 hpomdl28.dat -> C:\WINDOWS\hpomdl28.dat -> [2011/05/04 23:02:37 | 000,000,796 | ---- | C] ()
 ISSRemoveSP.exe -> C:\WINDOWS\System32\ISSRemoveSP.exe -> [2011/05/03 22:49:00 | 000,451,072 | ---- | C] ()
 TCtrlIO.dll -> C:\WINDOWS\System32\TCtrlIO.dll -> [2011/05/03 22:42:55 | 000,118,784 | ---- | C] ()
 DLLVGA.dll -> C:\WINDOWS\System32\DLLVGA.dll -> [2011/05/03 22:42:55 | 000,053,248 | ---- | C] ( )
 IPTests.dll -> C:\WINDOWS\System32\IPTests.dll -> [2011/05/03 22:35:53 | 000,262,216 | ---- | C] ()
 ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2011/05/03 20:25:31 | 000,004,161 | ---- | C] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2011/05/03 20:24:21 | 000,115,768 | ---- | C] ()
 ChCfg.exe -> C:\WINDOWS\System32\ChCfg.exe -> [2011/05/03 20:11:50 | 000,049,152 | ---- | C] ()
 igfxCoIn_v4833.dll -> C:\WINDOWS\System32\igfxCoIn_v4833.dll -> [2011/05/03 20:06:03 | 000,204,800 | ---- | C] ()
 igmedkrn.dll -> C:\WINDOWS\System32\igmedkrn.dll -> [2011/05/03 20:06:02 | 000,910,464 | ---- | C] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2011/05/03 19:38:27 | 000,002,048 | --S- | C] ()
 emptyregdb.dat -> C:\WINDOWS\System32\emptyregdb.dat -> [2011/05/03 19:32:42 | 000,021,640 | ---- | C] ()
< End of report >
```


----------



## eddie5659 (Mar 19, 2001)

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says *"Paste fix here"* and then click the *Run Fix* button.


```
[Unregister Dlls]
[Modules - No Company Name]
YY -> clisecurert.dll -> C:\Documents and Settings\Derek\Local Settings\temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
[Registry - Safe List]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "KiesAirMessage" -> [C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key error.]
```
The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the *Ok* button and Notepad will open with a log of actions taken during the fix. Post that information back here.


----------



## Kronos2401 (Mar 31, 2012)

[Modules - No Company Name]
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\KiesAirMessage deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 06272012_221537


----------



## eddie5659 (Mar 19, 2001)

Excellent 

How's the computer running now? Is the initial problem gone?

If it is all okay, we'll remove the tools we've used, but I'll wait for your reply first 

eddie


----------



## Kronos2401 (Mar 31, 2012)

Eddie,

The virtual memory error message has gone now, but I have noticed other issues:

1) From a standard window/file explorer - I can no longer display "Folders" on the left hand panel. If I try to press the "Folders" button at any time, the entire explorer/window closes on its own.

2) From visiting some web sites a request pops up asking to insert my Windows 2000 installation disk. I have been pressing the cancel button, but a separate error message pops up: "1706". One of the sites is the UK MSN homepage - http://uk.msn.com/?ocid=iehp

What do you make of these then? Is it still the ramnit virus?


----------



## eddie5659 (Mar 19, 2001)

Okay, let's look at the Windows Explorer folder part first 

When you're in Windows Explorer, at the top select Tools | Folder Options. Under the General tab, in the Tasks section, can you see the option *Use Windows classic folders*?

If you can, select it, and then click on the View tab, and click *Apply to All Folders*

Does that help?

-----

For the second problem, do you have Office installed? Why it's popping up on websites is a bit strange; it could be related to Frontpage, as the site you posted is Microsoft. Is it only happening on Microsoft pages?


----------



## Kronos2401 (Mar 31, 2012)

Eddie,

Using the folder options didn't help, it just turns the panel off. I normally use the folder list panel to change directories from the list directly. When I select the folders the window closes just as before.

Yes, I have Office installed, but the pop up is not just from Microsoft. There are other websites that will trigger the pop up.


----------



## eddie5659 (Mar 19, 2001)

Hmm, it may have messed with your Windows files. Can you see if you can do this:

Go to start | Run and type this in:

*cmd*

And press Enter

Now, in the box that pops up, type the following. Note the space before the /:

*sfc /scannow*

And press Enter.

This will scan your system for any corrupted files, and may replace them. If Windows was preinstalled, it should be able to locate the originals in the cab files.

If not, you're looking for the Windows XP disk, that should have the product ID number on it. Don't type the number here, it's just so you know which one to look for 

It may take a while, so grab a cuppa 

Let me know if there are any problems/questions.

eddie


----------



## Kronos2401 (Mar 31, 2012)

Eddie,

It did ask for the installation disk, but didn't help, not the folder problem or the error message from simply going to websites such as MSN.


----------



## eddie5659 (Mar 19, 2001)

Okay, let's have a look at your Installed Programs:

Start HiJackThis.

Click on the "Open The Misc Tools Section" button.

Click on the "Open Uninstall Manager" button.

Click on the "Save List" button.

Save the "uninstall_list.txt" file somewhere.

It'll then open in Notepad.

Return here to your thread, then copy-and-paste the entire file here.

---------

Can you also see if there are any updates here:

http://windowsupdate.microsoft.com/


----------



## Kronos2401 (Mar 31, 2012)

32 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Reader 7.0.7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Client Utility
Atheros Driver Installation Program
Bluetooth Monitor 4
DAEMON Tools
ESET Online Scanner v3
Google Earth
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
HP Imaging Device Functions 11.0
HP Smart Web Printing
HP Solution Center 11.0
Intel(R) Graphics Media Accelerator Driver
iTunes
K-Lite Codec Pack 7.5.0 (Full)
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2000 Premium
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MozyPro
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Nero 7 Premium
OCR Software by I.R.I.S. 11.0
PurePlay Poker
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Samsung Kies
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SUPERAntiSpyware
TOSHIBA Hotkey Utility
TOSHIBA Software Modem
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Search 4.0
WinZip 15.0


----------



## eddie5659 (Mar 19, 2001)

Well, you do have Office installed, but nothing else that jumps out. I'm going to grab someone that may be able to help on this, as I have found one suggestion out there, but not sure if it will work.

Back in a bit


----------



## eddie5659 (Mar 19, 2001)

Okay, have you tried uninstalling and then reinstalling Office?

If you have, try a repair as follows:

http://office.microsoft.com/en-us/h...ix-errors-in-office-programs-HA001054885.aspx


----------



## Kronos2401 (Mar 31, 2012)

Eddie, I've reinstalled Office 2000, looks OK now, MSN doesn't ask for the installation disk any more.

Have you any idea about the other problem? When selecting 'folders' or c:\ etc. the window closes automatically.


----------



## eddie5659 (Mar 19, 2001)

Good to see the Office bit works :up:

Try this for the folders bit:


Right Click *Start*.
Click *Explore*.
Click *View*.
Click *Explorer Bar*.
Check *Folders*.


----------



## Kronos2401 (Mar 31, 2012)

Eddie, I've always had the folders checked. 

Checked or unchecked does nothing out of the ordinary.


----------



## eddie5659 (Mar 19, 2001)

Okay, have a few things to try, so first of all, we need to look at a registry key.

Can you run SystemLook again, but with the following code, and post the log it produces? You may want to upload it as an attachment, as it may be quite large.


```
:reg
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
```


----------



## Kronos2401 (Mar 31, 2012)

Ok, File attached.


----------



## eddie5659 (Mar 19, 2001)

Well, you don't have the entry I was hoping to remove, so that's a no-no 

However, been looking and found a few more things to try 

Using SystemLook again, can you use this code and post the log:


```
:reg
HKEY_CLASSES_ROOT\CLSID\{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /sub
:filefind
shdocvw.dll
Browseui.dll
```


----------



## Kronos2401 (Mar 31, 2012)

Eddie,

New file attached.


----------



## eddie5659 (Mar 19, 2001)

Okay, the entries there are correct. Just going to check something with someone, but can you see if re-installing Internet Explorer will help? Believe it or not, both are actually linked in this problem.

First, create a restore point, just in case:

http://support.microsoft.com/kb/948247

Call it IE reinstall, or something so you know what it is.

Then, install IE8 again, as below:

http://www.microsoft.com/en-us/download/details.aspx?id=43

It should replace any corrupt files that you have.

Reboot and see if that helps.


----------



## Kronos2401 (Mar 31, 2012)

Eddie,

Tried the reinstall already, but no change, still have the same problem with window folders. On top of this, I now lost my wireless internet access, I can only go to the web with the cable. I can't even get the list of wireless networks anymore, it's simply empty, not a single one. I know there's nothing wrong with the modem as I can use the internet on my mobile phone wirelessly. Any thoughts?


----------



## eddie5659 (Mar 19, 2001)

Can you try this and post the log it creates:

Please download *Farbar Service Scanner* and run it on the computer with the issue.
Make sure the following options are checked:
*Internet Services*
*Windows Firewall*
*System Restore*
*Security Center*
*Windows Update*

Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


----------



## Kronos2401 (Mar 31, 2012)

Eddie, I thought it might help if I reinstall Avira antivirus, but it didn't. Let me know if you want me to keep it for now or remove it until we sort out the computer first.

======================================

Farbar Service Scanner Version: 04-08-2012 01
Ran by Derek (administrator) on 05-08-2012 at 17:13:18
Running from "C:\Documents and Settings\Derek\Local Settings\Temporary Internet Files\Content.IE5\BW7L7HWU"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.

Firewall Disabled Policy: 
==================

System Restore:
============
System Restore Disabled Policy: 
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

Windows Autoupdate Disabled Policy: 
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) WSIMD(8) 
0x080000000500000001000000020000000300000004000000060000000700000008000000
IpSec Tag value is correct.
**** End of log ****


----------
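As an added example (not part of the thread and not Farbar's own code), this Python script parses the "not running" service entries and the File Check lines of an FSS log like the one posted above, separating services whose whole registry key is gone from those missing only some values. The log excerpt is copied from the post; the function names and the status labels (`key-missing`, `partial`) are assumptions made for this example.

```python
import re

# Excerpt copied from the Farbar Service Scanner log posted above (trimmed).
FSS_LOG = r"""Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

File Check:
========
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
"""

SERVICE_RE = re.compile(r"^(\S+) Service is not running\.")
CHECK_RE = re.compile(r"^Checking (.+?): ATTENTION!=====> (.+)$")
FILE_RE = re.compile(r"^(\S.*?) => (.+)$")

def parse_fss(text):
    """Return ({service: {check: message}}, {file path: verdict})."""
    services, files, current = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if m := SERVICE_RE.match(line):
            current = m.group(1)
            services[current] = {}
        elif m := CHECK_RE.match(line):
            if current:  # a check line only counts under a service header
                services[current][m.group(1)] = m.group(2)
        elif m := FILE_RE.match(line):
            files[m.group(1)] = m.group(2)
        elif not line:
            current = None  # a blank line ends the current section
    return services, files

def classify(checks):
    """key-missing: whole service key gone; partial: only some keys or values gone."""
    msgs = list(checks.values())
    if msgs and all("service key does not exist" in m for m in msgs):
        return "key-missing"
    if any("does not exist" in m for m in msgs):
        return "partial"
    return "other"

def summarize(text):
    """Map each stopped service to its registry state; list files failing the MD5 check."""
    services, files = parse_fss(text)
    status = {name: classify(checks) for name, checks in services.items()}
    failed = [path for path, verdict in files.items() if verdict != "MD5 is legit"]
    return status, failed
```

On the excerpt, `summarize(FSS_LOG)` reports wscsvc as `key-missing` and sharedaccess as `partial` while every checked file passes its MD5 check: service registry entries deleted, binaries intact.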



## eddie5659 (Mar 19, 2001)

Leave Avira installed for now, but disable it when running the following fix (re-enable it after)


*Very Important!* Temporarily *disable* your *anti-virus*, *script blocking* and any *anti-malware* real-time protection _*before*_ performing a scan. 
Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

----------------------

*Backing Up Your Registry*
Download *ERUNT* 
_(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)_
Install *ERUNT* by following the prompts
_(use the default install settings but say no to the portion that asks you to add *ERUNT* to the start-up folder, if you like you can enable this option later)_
Start *ERUNT*
_(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)_
Choose a location for the backup
_(the default location is C:\WINDOWS\ERDNT which is acceptable)._
Make sure that at least the first two check boxes are ticked
Press *OK*
Press *YES* to create the folder.










--

Download the attached zip file, extract the 4 reg files to your Desktop.

Locate the *BITS.reg* file on your Desktop, double-click and when the option appears saying *Are you sure you want to Add the information in BITS.reg to the Registry?*, select *Yes*.

Do the same for *SharedAccess.reg, wscsvc.reg and wuauserv.reg*

Reboot your computer and post a fresh Farbar Service Scanner log.

eddie


----------



## Kronos2401 (Mar 31, 2012)

Eddie,

FSS file attached. Cheers.


----------



## eddie5659 (Mar 19, 2001)

Okay, looks like most of it worked except for one. Can you try again, with just the one reg file I've attached below, in case it needed a reboot, and re-run the scan again.

If still no joy, can you do this with SystemLook:


```
:filefind
*wscsvc.dll
```
And post the log


----------



## Kronos2401 (Mar 31, 2012)

Ok, file attached.


----------



## eddie5659 (Mar 19, 2001)

Hmmm, looks like only two left. Do you still have the fix zip from before? If not, it's still here:

http://forums.techguy.org/8439240-post104.html

If you can run the reg for *wuauserv* first, reboot and then run the *BITS* reg, and reboot.

Then, run the FSS again, and hopefully it will be okay.

It may need the reboot for them to work properly


----------



## Kronos2401 (Mar 31, 2012)

File attached.


----------



## eddie5659 (Mar 19, 2001)

Sorry, been away for a few days as it was the bank holiday weekend, so took some time off

Still not working 

I'll have to check this out, back in a bit


----------



## eddie5659 (Mar 19, 2001)

It's not looking good, the keys are being replaced, but the infection keeps removing them.

As you had Ramnit, this is one of the worst infections out there. The reason is that it targets certain system files, replaces them with infected files, but renames them back to the original Windows names.

So, finding and replacing them with non-infected copies is a hard process.

There are many tools out there that target Ramnit, and I thought that we'd managed to get all the files, but looks like we didn't 

My suggestion is to back up any photos/documents that you have (though you may want to scan them, just to be safe) and reinstall Windows after formatting. That way you'll know you'll be clear of the infection.

I hardly ever recommend formatting, but in this case it may be the only safe alternative


----------



## Kronos2401 (Mar 31, 2012)

Eddie,

To clarify, the virus can infect any file, and can overwrite the original with an infected one.

So if I back up the non-system files, how do I check if it's replaced by an infected file or not? The Avira can't do it, it hasn't helped so far, right? Or do I need to back up my files and scan it in another computer? Is there a better virus scanner you can recommend?


----------



## eddie5659 (Mar 19, 2001)

Managed to get some detailed information regarding this virus. As I say, it's one of the worst ones you can get.

Like I said, sometimes you can remove all infected files, it just depends on how deep the infection is, which in your case, I think it's still there.

*Ramnit*

Win32/Ramnit.A is a file infector with IRCBot functionality which infects *.exe*, and *.HTML/HTM files*, and *opens a back door that compromises your computer*. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

*With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.*

Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and a major source of system infection.

Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. For more info, please read:

*Where to draw the line? When to recommend a format and reinstall?*

*Important Note:*

If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. *All passwords should be changed immediately* to include those used for banking, email, eBay, PayPal and any online activities which require a username and password. *You should consider them to be compromised*. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Failure to notify your financial institution and local law enforcement can result in *refusal to reimburse funds* lost due to fraud or similar criminal activity.


----------



## Kronos2401 (Mar 31, 2012)

Eddie,

I've wiped the machine and reinstalled XP, took a while to reinstall all the drivers, but got there in the end. Just want to say thanks for everything.


----------



## eddie5659 (Mar 19, 2001)

Hi

Yep, reinstalling is a long job, been there a few times, and it's so annoying, especially when you can't find the driver for your soundcard etc.

Glad to see it's all okay, and sorry about the fact that it ended up being a full format. It was the best to do in this case.

Take care 

eddie


----------

