Windows XP Desktop Doesn't Load - TR/Agent.35328 Trojan Detected


#1
Bill2179

I'm working to clean up a Win XP Media Center system that had a lot of viruses. The cleaning guide was followed and it appears that the viruses have been removed (clean Malwarebytes and Avira scans after multiple scan / clean cycles). However, after cleaning the viruses the computer stopped loading XP fully. Clean boot and login process, then a blank screen with just a cursor. ALT-CTRL-DEL launches the task manager and I can run most tasks, but I can't run explorer.exe, and iexplorer.exe launched but doesn't allow me to type in any URLs.

I've run (and attached the logs) MBAM, OTL, Avira, RootRepeal. I've also attempted sfc /scannow - Dell Inspiron E1505 laptop with no disks. Changed the registry to point to the C:\i386 directory with limited success (install XP disk, then XP Pro disk, then XP SP3 disk). I also downloaded SP3 standalone installer from Microsoft and ran it.

Any help will be appreciated!


Latest OTL log:

OTL logfile created on: 1/20/2010 6:55:38 PM - Run 2
OTL by OldTimer - Version 3.1.11.6 Folder = E:\Bill\Utilities
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 78.33% Memory free
3.85 Gb Paging File | 3.53 Gb Available in Paging File | 91.79% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.83 Gb Total Space | 34.71 Gb Free Space | 51.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 976.13 Mb Total Space | 627.08 Mb Free Space | 64.24% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DIANE
Current User Name: Diane Sullivan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/14 22:29:59 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/12/05 09:56:44 | 00,536,064 | ---- | M] (OldTimer Tools) -- E:\Bill\Utilities\OTL.exe
PRC - [2009/09/28 09:42:50 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 18:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2007/09/18 05:42:04 | 00,118,784 | ---- | M] (Bytemobile, Inc.) -- C:\WINDOWS\system32\bmwebcfg.exe
PRC - [2007/03/07 11:54:06 | 00,202,280 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
PRC - [2006/11/01 20:48:12 | 00,020,480 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2006/11/01 20:48:10 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2006/09/21 12:21:12 | 00,167,936 | ---- | M] (OptionNV) -- C:\WINDOWS\system32\GtDetectSc.exe
PRC - [2006/08/03 18:50:46 | 00,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/05/23 13:59:38 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe


========== Modules (SafeList) ==========

MOD - [2009/12/05 09:56:44 | 00,536,064 | ---- | M] (OldTimer Tools) -- E:\Bill\Utilities\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/01/14 22:29:59 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/01/14 22:13:26 | 00,135,664 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2010/01/14 22:09:15 | 00,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/09/29 14:19:03 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/09/28 09:42:50 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/09/18 05:56:46 | 00,109,080 | ---- | M] (PCTEL) -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2007/09/18 05:42:04 | 00,118,784 | ---- | M] (Bytemobile, Inc.) -- C:\WINDOWS\System32\bmwebcfg.exe -- (bmwebcfg)
SRV - [2007/03/07 11:54:06 | 00,202,280 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\twc\medicsp2\bin\sprtsvc.exe -- (sprtsvc_medicsp2) SupportSoft Sprocket Service (medicsp2)
SRV - [2006/11/01 20:48:12 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2006/09/21 12:21:12 | 00,167,936 | ---- | M] (OptionNV) -- C:\WINDOWS\system32\GtDetectSc.exe -- (GtDetectSc)
SRV - [2006/08/03 18:50:46 | 00,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2006/05/23 13:59:38 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061031
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061031

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/11/25 15:38:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Diane Sullivan\Application Data\Mozilla\Extensions
[2009/11/25 15:38:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Diane Sullivan\Application Data\Mozilla\Extensions\[email protected]

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files\AT&T\Communication Manager\ATTCM.exe (ATT)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [TSClientAXDisabler] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [ypagerps2] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_5F1A57F0B9B89E2E.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: mbtrading.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 9 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1162906594953 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 04:22:48 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891947461378048)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/18 21:32:44 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/01/18 21:09:16 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/17 22:03:38 | 00,000,000 | ---D | C] -- C:\ComboFix
[2010/01/17 21:33:04 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/17 21:32:06 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/17 21:32:06 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/17 21:32:06 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/17 21:32:06 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/17 21:31:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/17 21:30:49 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/17 11:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/01/16 19:33:50 | 00,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2010/01/16 19:33:46 | 00,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2010/01/16 19:33:22 | 00,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2010/01/16 19:33:18 | 00,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2010/01/16 19:33:00 | 00,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2010/01/16 19:32:56 | 00,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2010/01/16 19:32:49 | 00,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2010/01/16 19:32:35 | 00,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2010/01/16 19:32:24 | 00,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2010/01/16 19:32:20 | 00,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2010/01/16 19:32:16 | 00,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2010/01/16 19:32:11 | 00,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2010/01/16 19:32:07 | 00,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2010/01/16 19:32:02 | 00,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2010/01/16 19:31:58 | 00,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2010/01/16 19:31:45 | 00,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2010/01/16 19:31:29 | 00,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2010/01/16 19:31:25 | 00,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2010/01/16 19:31:21 | 00,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2010/01/16 19:31:18 | 00,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2010/01/16 19:30:57 | 00,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2010/01/16 19:30:42 | 00,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2010/01/16 19:30:38 | 00,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2010/01/16 19:30:29 | 00,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2010/01/16 19:30:25 | 00,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2010/01/16 19:30:22 | 00,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2010/01/16 19:30:18 | 00,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2010/01/16 19:30:14 | 00,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2010/01/16 19:30:10 | 00,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2010/01/16 19:29:42 | 00,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2010/01/16 19:29:37 | 00,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2010/01/16 19:29:33 | 00,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2010/01/16 19:29:32 | 00,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2010/01/16 19:29:29 | 00,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2010/01/16 19:29:25 | 00,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2010/01/16 19:29:13 | 00,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2010/01/16 19:29:10 | 00,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2010/01/16 19:28:40 | 00,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2010/01/16 19:28:36 | 00,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2010/01/16 19:28:33 | 00,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2010/01/16 19:28:29 | 00,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2010/01/16 19:28:24 | 00,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2010/01/16 19:27:40 | 00,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2010/01/16 19:27:37 | 00,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2010/01/16 19:27:33 | 00,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2010/01/16 19:27:30 | 00,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2010/01/16 19:27:26 | 00,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2010/01/16 19:27:03 | 00,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2010/01/16 19:27:00 | 00,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2010/01/16 19:26:57 | 00,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2010/01/16 19:26:49 | 00,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2010/01/16 19:26:23 | 00,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2010/01/16 19:26:19 | 00,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2010/01/16 19:26:16 | 00,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2010/01/16 19:26:13 | 00,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2010/01/16 19:25:51 | 00,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2010/01/16 19:25:44 | 00,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2010/01/16 19:25:41 | 00,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2010/01/16 19:25:27 | 00,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2010/01/16 19:25:23 | 00,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2010/01/16 19:25:20 | 00,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2010/01/16 19:25:17 | 00,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2010/01/16 19:25:14 | 00,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2010/01/16 19:25:10 | 00,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2010/01/16 19:25:07 | 00,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2010/01/16 19:25:04 | 00,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2010/01/16 19:25:00 | 00,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2010/01/16 19:24:54 | 00,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2010/01/16 19:24:51 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2010/01/16 19:24:50 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/01/16 19:24:50 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/01/16 19:24:49 | 00,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2010/01/16 19:24:48 | 00,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2010/01/16 19:24:46 | 00,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2010/01/16 19:24:43 | 00,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2010/01/16 19:24:36 | 00,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2010/01/16 19:24:31 | 00,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2010/01/16 19:24:28 | 00,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2010/01/16 19:24:24 | 00,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2010/01/16 19:24:15 | 00,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2010/01/16 19:24:12 | 00,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2010/01/16 19:23:58 | 00,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2010/01/16 19:23:55 | 00,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2010/01/16 19:23:52 | 00,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2010/01/16 19:23:41 | 00,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2010/01/16 19:23:04 | 00,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2010/01/16 19:23:01 | 00,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2010/01/16 19:22:48 | 00,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2010/01/16 19:22:48 | 00,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2010/01/16 19:22:45 | 00,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2010/01/16 19:22:05 | 00,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2010/01/16 19:22:02 | 00,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2010/01/16 19:21:59 | 00,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2010/01/16 19:21:56 | 00,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2010/01/16 19:21:42 | 00,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2010/01/16 19:21:26 | 00,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2010/01/16 19:21:23 | 00,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2010/01/16 19:21:20 | 00,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2010/01/16 19:21:19 | 00,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2010/01/16 19:21:11 | 00,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2010/01/16 19:21:08 | 00,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2010/01/16 19:21:01 | 00,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2010/01/16 19:20:58 | 00,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2010/01/16 19:20:55 | 00,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2010/01/16 19:20:52 | 00,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2010/01/16 19:20:49 | 00,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2010/01/16 19:20:45 | 00,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2010/01/16 19:20:36 | 00,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2010/01/16 19:20:33 | 00,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2010/01/16 19:20:30 | 00,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2010/01/16 19:20:27 | 00,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2010/01/16 19:20:24 | 00,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2010/01/16 19:20:21 | 00,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2010/01/16 19:19:27 | 00,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2010/01/16 19:19:07 | 00,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2010/01/16 19:19:05 | 00,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2010/01/16 19:19:03 | 00,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2010/01/16 19:19:01 | 00,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2010/01/16 19:19:00 | 00,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2010/01/16 19:18:58 | 00,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2010/01/16 19:18:50 | 00,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2010/01/16 19:18:48 | 00,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2010/01/16 19:18:45 | 00,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2010/01/16 19:18:42 | 00,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2010/01/16 19:18:38 | 00,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2010/01/16 19:18:35 | 00,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2010/01/16 19:17:52 | 00,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2010/01/16 19:17:46 | 00,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2010/01/16 19:17:23 | 00,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2010/01/16 19:15:48 | 00,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2010/01/16 19:15:39 | 00,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2010/01/16 19:15:13 | 00,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2010/01/16 19:15:11 | 00,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2010/01/16 19:15:09 | 00,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2010/01/16 19:14:56 | 00,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2010/01/16 19:14:51 | 00,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2010/01/16 19:14:49 | 00,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2010/01/16 19:14:46 | 00,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2010/01/16 19:14:44 | 00,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2010/01/16 19:14:42 | 00,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2010/01/16 19:14:40 | 00,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2010/01/16 19:14:27 | 00,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2010/01/16 19:14:22 | 00,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2010/01/16 19:14:20 | 00,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2010/01/16 19:14:14 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010/01/16 19:14:12 | 00,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll
[2010/01/16 19:14:10 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010/01/16 19:14:10 | 00,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll
[2010/01/16 19:14:08 | 00,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll
[2010/01/16 19:14:08 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010/01/16 19:14:06 | 00,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll
[2010/01/16 19:13:53 | 00,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2010/01/16 19:13:02 | 00,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2010/01/16 19:13:00 | 00,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2010/01/16 19:12:53 | 00,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2010/01/16 19:12:51 | 00,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2010/01/16 19:12:50 | 00,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2010/01/16 19:12:45 | 00,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2010/01/16 19:12:44 | 00,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2010/01/16 19:12:43 | 00,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2010/01/16 19:12:42 | 00,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2010/01/16 19:12:40 | 00,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2010/01/16 19:12:21 | 00,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2010/01/16 19:12:20 | 00,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2010/01/16 19:12:16 | 00,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2010/01/16 19:11:57 | 00,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2010/01/16 19:11:56 | 00,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2010/01/16 19:11:55 | 00,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2010/01/16 19:11:54 | 00,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2010/01/16 19:11:53 | 00,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2010/01/16 19:11:52 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2010/01/16 19:11:50 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2010/01/16 19:11:49 | 00,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2010/01/16 19:11:42 | 00,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2010/01/16 19:11:40 | 00,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2010/01/16 19:11:34 | 00,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2010/01/16 19:11:27 | 00,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2010/01/16 19:11:22 | 00,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2010/01/16 19:11:21 | 00,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2010/01/16 19:11:20 | 00,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2010/01/16 19:11:20 | 00,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2010/01/16 19:11:19 | 00,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2010/01/16 19:11:18 | 00,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2010/01/16 19:11:17 | 00,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2010/01/16 19:11:16 | 00,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2010/01/16 19:11:16 | 00,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2010/01/16 19:11:14 | 00,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2010/01/16 19:11:13 | 00,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2010/01/16 19:11:13 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/01/16 19:10:46 | 00,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2010/01/16 19:10:46 | 00,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2010/01/16 19:10:45 | 00,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2010/01/16 19:10:44 | 00,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2010/01/16 19:10:44 | 00,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2010/01/16 19:10:43 | 00,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2010/01/16 19:10:42 | 00,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2010/01/16 19:10:42 | 00,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2010/01/16 19:10:41 | 00,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2010/01/16 19:10:40 | 00,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2010/01/16 19:10:39 | 00,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2010/01/16 19:10:38 | 00,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2010/01/16 19:10:37 | 00,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2010/01/16 19:10:36 | 00,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2010/01/16 19:10:36 | 00,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2010/01/16 19:10:35 | 00,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2010/01/16 19:10:35 | 00,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2010/01/16 19:10:34 | 00,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2010/01/16 14:49:38 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Diane Sullivan\Recent
[2010/01/16 10:27:12 | 00,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2010/01/16 10:27:09 | 00,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2010/01/16 10:27:09 | 00,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2010/01/16 10:27:08 | 00,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2010/01/16 10:27:07 | 00,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2010/01/16 10:27:07 | 00,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2010/01/16 10:27:06 | 00,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2010/01/16 10:27:06 | 00,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2010/01/16 10:26:51 | 00,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2010/01/16 10:26:49 | 00,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2010/01/16 10:26:46 | 00,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2010/01/16 10:26:40 | 00,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2010/01/16 10:26:39 | 00,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2010/01/16 10:26:39 | 00,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2010/01/16 10:26:38 | 00,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2010/01/16 10:26:38 | 00,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2010/01/16 10:26:37 | 00,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2010/01/16 10:26:36 | 00,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2010/01/16 10:26:36 | 00,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2010/01/16 10:26:35 | 00,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2010/01/16 10:26:34 | 00,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2010/01/16 10:26:33 | 00,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2010/01/16 10:26:33 | 00,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2010/01/16 10:26:32 | 00,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010/01/14 22:30:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/01/14 22:27:12 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2010/01/14 22:27:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/01/14 22:21:32 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/01/14 22:19:23 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/01/14 22:16:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/01/14 22:03:56 | 00,025,992 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2010/01/14 22:00:08 | 00,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2010/01/14 21:57:09 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/01/14 21:44:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Diane Sullivan\Desktop\Utilities
[2010/01/14 21:38:57 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/01/14 21:38:57 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/01/14 21:38:57 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/01/14 21:38:57 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/01/14 21:38:54 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/01/14 21:38:53 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/01/14 21:38:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/01/14 20:35:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Diane Sullivan\Application Data\Malwarebytes
[2010/01/14 20:20:30 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/14 20:20:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/14 20:20:24 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/14 20:20:24 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/14 19:50:41 | 00,000,000 | ---D | C] -- C:\657881fe0b65dc367abfcb0f6ae8
[2010/01/13 21:50:27 | 01,840,232 | ---- | C] (Trend Micro) -- C:\Documents and Settings\Diane Sullivan\My Documents\HousecallLauncher.exe
[2010/01/13 21:28:04 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/01/13 11:18:38 | 05,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Diane Sullivan\My Documents\randomname.exe
[2010/01/12 22:11:11 | 05,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Diane Sullivan\My Documents\tryagain.exe.exe
[2010/01/12 22:09:58 | 05,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Diane Sullivan\My Documents\mbam-setup.exe
[2010/01/12 22:03:16 | 05,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Diane Sullivan\Desktop\fun times.exe

========== Files - Modified Within 14 Days ==========

[2010/01/20 18:44:32 | 00,558,252 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/20 18:44:32 | 00,467,550 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/20 18:44:32 | 00,080,434 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/20 18:40:45 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/20 18:40:44 | 00,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/20 18:39:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/20 18:39:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/20 18:39:44 | 21,458,45248 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/19 21:24:19 | 05,767,168 | -H-- | M] () -- C:\Documents and Settings\Diane Sullivan\NTUSER.DAT
[2010/01/19 21:24:19 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Diane Sullivan\ntuser.ini
[2010/01/19 21:18:05 | 00,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/17 22:08:51 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/17 21:33:11 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2010/01/17 20:43:25 | 00,357,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/17 11:11:54 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/14 22:27:23 | 00,001,805 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/01/14 22:21:57 | 00,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/01/14 22:20:16 | 00,000,782 | ---- | M] () -- C:\Documents and Settings\Diane Sullivan\Desktop\Windows Media Player.lnk
[2010/01/14 22:19:39 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/01/14 22:19:39 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/01/14 22:19:31 | 00,000,681 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/14 22:17:44 | 00,000,818 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/01/14 22:16:57 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/01/14 22:12:36 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/01/14 22:11:55 | 00,001,578 | ---- | M] () -- C:\Documents and Settings\Diane Sullivan\Desktop\LimeWire 5.4.6.lnk
[2010/01/14 22:04:05 | 00,025,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2010/01/14 22:00:44 | 14,995,488 | -H-- | M] () -- C:\Documents and Settings\Diane Sullivan\Local Settings\Application Data\IconCache.db
[2010/01/14 21:40:49 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/01/14 21:37:02 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Phobihoci.dat
[2010/01/14 19:16:40 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Cwepodi.bin
[2010/01/13 21:50:27 | 01,840,232 | ---- | M] (Trend Micro) -- C:\Documents and Settings\Diane Sullivan\My Documents\HousecallLauncher.exe
[2010/01/13 11:23:54 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/01/13 11:18:38 | 05,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Diane Sullivan\My Documents\randomname.exe
[2010/01/12 22:10:24 | 05,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Diane Sullivan\My Documents\tryagain.exe.exe
[2010/01/12 22:09:58 | 05,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Diane Sullivan\My Documents\mbam-setup.exe
[2010/01/12 22:02:00 | 05,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Diane Sullivan\Desktop\fun times.exe
[2010/01/12 15:46:28 | 00,000,148 | ---- | M] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2010/01/12 12:14:52 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Diane Sullivan\My Documents\Wells Fargo Hardship letter.doc
[2010/01/12 12:13:07 | 00,015,360 | ---- | M] () -- C:\Documents and Settings\Diane Sullivan\My Documents\Financial Worksheet Wells Fargo.xls
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/07 11:43:53 | 00,000,834 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StreetSmart Pro Readme.lnk
[2010/01/07 11:43:52 | 00,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StreetSmart Pro.lnk
[2010/01/06 19:32:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2010/01/17 21:33:11 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2010/01/17 21:33:07 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/17 21:32:06 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/17 21:32:06 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/17 21:32:06 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/17 21:32:06 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/17 21:32:06 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/16 19:33:46 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2010/01/16 19:33:42 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2010/01/16 19:33:22 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/01/16 19:23:40 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/01/16 19:23:40 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/01/16 19:18:33 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/01/16 19:18:30 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/01/16 19:17:29 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/01/16 19:15:46 | 00,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2010/01/16 19:15:41 | 00,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2010/01/16 19:15:36 | 00,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2010/01/16 19:15:31 | 00,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2010/01/16 19:15:27 | 00,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2010/01/16 19:15:14 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/01/16 19:12:49 | 00,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2010/01/16 19:12:48 | 00,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2010/01/16 19:12:46 | 00,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2010/01/16 19:11:05 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/01/16 19:11:05 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/01/16 19:11:04 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/01/16 19:11:04 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/01/16 19:11:04 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/01/16 19:11:03 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/01/16 19:11:03 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/01/16 19:11:02 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/01/16 19:11:02 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/01/16 19:11:02 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/01/16 19:11:02 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/01/16 19:11:01 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/01/16 19:11:01 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/01/16 19:11:01 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/01/16 19:11:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/01/16 19:11:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/01/16 19:11:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/01/16 19:11:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/01/16 19:10:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/01/16 19:10:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/01/16 19:10:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/01/16 19:10:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/01/16 19:10:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/01/16 19:10:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/01/16 19:10:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/01/16 19:10:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/01/16 19:10:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/01/16 19:10:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/01/16 19:10:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/01/16 19:10:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/01/16 19:10:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/01/16 19:10:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/01/16 19:10:55 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/01/16 19:10:55 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/01/16 19:10:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/01/16 19:10:54 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/01/16 19:10:54 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/01/16 19:10:54 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/01/16 19:10:54 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/01/16 19:10:53 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/01/16 19:10:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/01/16 19:10:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/01/16 19:10:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/01/16 19:10:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/01/16 19:10:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/01/16 19:10:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/01/16 19:10:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/01/16 19:10:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/01/16 19:10:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/01/16 19:10:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/01/16 19:10:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/01/16 19:10:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/01/16 19:10:49 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/01/16 19:10:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/01/16 19:10:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/01/16 19:10:48 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/01/16 19:10:48 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/01/16 19:10:48 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/01/16 16:56:35 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/01/16 14:50:35 | 21,458,45248 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/16 10:27:20 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/01/16 10:27:13 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/01/16 10:27:02 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2010/01/16 10:27:02 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2010/01/16 10:27:01 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2010/01/16 10:27:00 | 00,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2010/01/16 10:27:00 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2010/01/16 10:26:59 | 00,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2010/01/16 10:26:59 | 00,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2010/01/16 10:26:58 | 00,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2010/01/16 10:26:57 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2010/01/16 10:26:53 | 00,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2010/01/14 22:27:23 | 00,001,805 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/01/14 22:21:57 | 00,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/01/14 22:16:57 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/01/14 22:13:42 | 00,000,902 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/14 22:13:42 | 00,000,898 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/14 22:12:36 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/01/14 22:11:55 | 00,001,578 | ---- | C] () -- C:\Documents and Settings\Diane Sullivan\Desktop\LimeWire 5.4.6.lnk
[2010/01/13 11:23:54 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/01/12 15:50:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Cwepodi.bin
[2010/01/12 15:50:06 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Phobihoci.dat
[2010/01/12 15:46:28 | 00,000,148 | ---- | C] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2010/01/12 12:01:04 | 00,015,360 | ---- | C] () -- C:\Documents and Settings\Diane Sullivan\My Documents\Financial Worksheet Wells Fargo.xls
[2010/01/12 11:29:31 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Diane Sullivan\My Documents\Wells Fargo Hardship letter.doc
[2009/09/25 11:39:35 | 00,017,203 | ---- | C] () -- C:\WINDOWS\hpdj6800.ini
[2009/09/25 11:39:30 | 00,005,438 | ---- | C] () -- C:\WINDOWS\hpf6800m.ini
[2009/08/09 13:20:44 | 00,000,354 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/07/12 10:05:40 | 00,025,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2009/01/13 17:37:27 | 00,014,336 | ---- | C] () -- C:\Documents and Settings\Diane Sullivan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/27 18:26:42 | 00,003,774 | ---- | C] () -- C:\Documents and Settings\Diane Sullivan\Local Settings\Application Data\rg_pdf.ico
[2008/05/26 02:30:33 | 00,000,311 | ---- | C] () -- C:\WINDOWS\MbtCom.INI
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/24 10:44:39 | 00,328,117 | ---- | C] () -- C:\Documents and Settings\Diane Sullivan\Application Data\TEST.zip
[2007/07/24 10:35:35 | 00,011,198 | ---- | C] () -- C:\Documents and Settings\Diane Sullivan\Application Data\advil1_prefs.zip
[2007/03/15 06:59:19 | 00,000,200 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gtupdater.ini
[2007/01/30 07:59:49 | 00,388,753 | ---- | C] () -- C:\Documents and Settings\Diane Sullivan\Application Data\257681175.zip
[2007/01/16 17:13:14 | 02,019,459 | ---- | C] () -- C:\Documents and Settings\Diane Sullivan\Application Data\advil1.zip
[2006/12/13 11:42:45 | 00,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/13 11:42:45 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\D9F932486D.sys
[2006/11/13 17:55:42 | 00,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2006/11/11 16:01:47 | 00,020,480 | R--- | C] () -- C:\WINDOWS\System32\CNCOAF.DLL
[2006/11/06 17:23:09 | 00,000,137 | ---- | C] () -- C:\Documents and Settings\Diane Sullivan\Local Settings\Application Data\fusioncache.dat
[2006/10/31 18:35:14 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/31 18:21:11 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/31 18:19:06 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/31 18:13:41 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/10/31 18:10:19 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/10/31 18:10:16 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/10/31 17:47:00 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/10/31 17:46:36 | 00,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 04:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 14:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/09 17:04:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/10/13 07:30:22 | 00,002,438 | ---- | C] () -- C:\WINDOWS\winros.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/10/25 18:15:00 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll

========== LOP Check ==========

[2009/07/12 10:04:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2009/09/26 11:11:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2005/08/16 20:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2007/05/22 07:29:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fidelity Investments
[2009/12/09 16:46:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2008/05/16 11:53:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/11/15 14:56:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/01/14 20:42:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/11 15:45:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2006/10/31 18:27:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/03/18 18:42:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/10/18 21:46:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/06 12:41:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/09/07 11:00:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Diane Sullivan\Application Data\AT&T
[2007/09/07 10:59:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Diane Sullivan\Application Data\DBUpdater
[2010/01/14 21:49:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Diane Sullivan\Application Data\IObit
[2008/07/07 18:38:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Diane Sullivan\Application Data\Leadertech
[2010/01/14 21:37:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Diane Sullivan\Application Data\LimeWire
[2009/08/12 15:58:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Diane Sullivan\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2009/07/12 09:59:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Diane Sullivan\Application Data\Sierra Wireless
[2009/11/26 15:23:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Diane Sullivan\Application Data\Skinux
[2009/12/10 11:08:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Diane Sullivan\Application Data\Video DVD Maker FREE
[2006/11/13 17:56:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Diane Sullivan\Application Data\webex

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


Latest RootRepeal Log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/20 18:52
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xADB82000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xba69371e

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xba693714

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xba693723

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xba69372d

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xba693732

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xba693700

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xba693705

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xba69373c

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xba693737

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xba693728

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xba69370f

==EOF==


Clean Avira Log:



Avira AntiVir Personal
Report file date: Sunday, January 17, 2010 08:47

Scanning for 1547035 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : DIANE

Version information:
BUILD.DAT : 9.0.0.418 21723 Bytes 12/2/2009 16:28:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 17:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 16:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 17:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 16:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 03:40:36
VBASE002.VDF : 7.10.1.1 2048 Bytes 11/19/2009 03:40:36
VBASE003.VDF : 7.10.1.2 2048 Bytes 11/19/2009 03:40:36
VBASE004.VDF : 7.10.1.3 2048 Bytes 11/19/2009 03:40:37
VBASE005.VDF : 7.10.1.4 2048 Bytes 11/19/2009 03:40:37
VBASE006.VDF : 7.10.1.5 2048 Bytes 11/19/2009 03:40:37
VBASE007.VDF : 7.10.1.6 2048 Bytes 11/19/2009 03:40:37
VBASE008.VDF : 7.10.1.7 2048 Bytes 11/19/2009 03:40:37
VBASE009.VDF : 7.10.1.8 2048 Bytes 11/19/2009 03:40:37
VBASE010.VDF : 7.10.1.9 2048 Bytes 11/19/2009 03:40:38
VBASE011.VDF : 7.10.1.10 2048 Bytes 11/19/2009 03:40:38
VBASE012.VDF : 7.10.1.11 2048 Bytes 11/19/2009 03:40:38
VBASE013.VDF : 7.10.1.79 209920 Bytes 11/25/2009 03:40:38
VBASE014.VDF : 7.10.1.128 197632 Bytes 11/30/2009 03:40:39
VBASE015.VDF : 7.10.1.178 195584 Bytes 12/7/2009 03:40:39
VBASE016.VDF : 7.10.1.224 183296 Bytes 12/14/2009 03:40:40
VBASE017.VDF : 7.10.1.247 182272 Bytes 12/15/2009 03:40:40
VBASE018.VDF : 7.10.2.30 198144 Bytes 12/21/2009 03:40:41
VBASE019.VDF : 7.10.2.63 187392 Bytes 12/24/2009 03:40:41
VBASE020.VDF : 7.10.2.93 195072 Bytes 12/29/2009 03:40:42
VBASE021.VDF : 7.10.2.131 201216 Bytes 1/7/2010 03:40:42
VBASE022.VDF : 7.10.2.158 192000 Bytes 1/11/2010 03:40:43
VBASE023.VDF : 7.10.2.186 200704 Bytes 1/14/2010 03:40:43
VBASE024.VDF : 7.10.2.187 2048 Bytes 1/14/2010 03:40:43
VBASE025.VDF : 7.10.2.188 2048 Bytes 1/14/2010 03:40:43
VBASE026.VDF : 7.10.2.189 2048 Bytes 1/14/2010 03:40:43
VBASE027.VDF : 7.10.2.190 2048 Bytes 1/14/2010 03:40:44
VBASE028.VDF : 7.10.2.191 2048 Bytes 1/14/2010 03:40:44
VBASE029.VDF : 7.10.2.192 2048 Bytes 1/14/2010 03:40:44
VBASE030.VDF : 7.10.2.193 2048 Bytes 1/14/2010 03:40:44
VBASE031.VDF : 7.10.2.203 257024 Bytes 1/16/2010 17:03:05
Engineversion : 8.2.1.142
AEVDF.DLL : 8.1.1.2 106867 Bytes 11/8/2009 13:38:52
AESCRIPT.DLL : 8.1.3.7 594296 Bytes 1/15/2010 03:40:47
AESCN.DLL : 8.1.3.1 127348 Bytes 1/15/2010 03:40:47
AESBX.DLL : 8.1.1.1 246132 Bytes 11/8/2009 13:38:44
AERDL.DLL : 8.1.3.4 479605 Bytes 1/15/2010 03:40:47
AEPACK.DLL : 8.2.0.5 422262 Bytes 1/15/2010 03:40:46
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 11/8/2009 13:38:38
AEHEUR.DLL : 8.1.0.195 2232695 Bytes 1/15/2010 03:40:46
AEHELP.DLL : 8.1.10.0 237942 Bytes 1/15/2010 03:40:45
AEGEN.DLL : 8.1.1.83 369014 Bytes 1/15/2010 03:40:45
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/8/2009 13:38:26
AECORE.DLL : 8.1.9.5 184693 Bytes 1/15/2010 03:40:45
AEBB.DLL : 8.1.0.3 53618 Bytes 11/8/2009 13:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 14:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 21:14:02
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 20:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 16:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 21:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 16:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 21:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 14:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 16:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 21:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 18:25:47

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: Sunday, January 17, 2010 08:47

Starting search for hidden objects.
'29007' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'wmiadap.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'taskmgr.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sprtsvc.exe' - '1' Module(s) have been scanned
Scan process 'NicConfigSvc.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'bmwebcfg.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ACService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'BCMWLTRY.EXE' - '1' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '1' Module(s) have been scanned
Scan process 'GtDetectSc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '78' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\657881fe0b65dc367abfcb0f6ae8\vc_red.cab
[0] Archive type: CAB (Microsoft)
--> mfc90chs.dll.30729.01.Microsoft_VC90_MFCLOC_x86.SP
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed


End of the scan: Sunday, January 17, 2010 10:40
Used time: 1:52:27 Hour(s)

The scan has been done completely.

12278 Scanned directories
440402 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
440400 Files not concerned
4708 Archives were scanned
4 Warnings
2 Notes
29007 Objects were scanned with rootkit scan
0 Hidden objects were found

Infected Avira Log:



Avira AntiVir Personal
Report file date: Friday, January 15, 2010 23:01

Scanning for 1543015 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : DIANE

Version information:
BUILD.DAT : 9.0.0.418 21723 Bytes 12/2/2009 16:28:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 17:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 16:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 17:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 16:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 03:40:36
VBASE002.VDF : 7.10.1.1 2048 Bytes 11/19/2009 03:40:36
VBASE003.VDF : 7.10.1.2 2048 Bytes 11/19/2009 03:40:36
VBASE004.VDF : 7.10.1.3 2048 Bytes 11/19/2009 03:40:37
VBASE005.VDF : 7.10.1.4 2048 Bytes 11/19/2009 03:40:37
VBASE006.VDF : 7.10.1.5 2048 Bytes 11/19/2009 03:40:37
VBASE007.VDF : 7.10.1.6 2048 Bytes 11/19/2009 03:40:37
VBASE008.VDF : 7.10.1.7 2048 Bytes 11/19/2009 03:40:37
VBASE009.VDF : 7.10.1.8 2048 Bytes 11/19/2009 03:40:37
VBASE010.VDF : 7.10.1.9 2048 Bytes 11/19/2009 03:40:38
VBASE011.VDF : 7.10.1.10 2048 Bytes 11/19/2009 03:40:38
VBASE012.VDF : 7.10.1.11 2048 Bytes 11/19/2009 03:40:38
VBASE013.VDF : 7.10.1.79 209920 Bytes 11/25/2009 03:40:38
VBASE014.VDF : 7.10.1.128 197632 Bytes 11/30/2009 03:40:39
VBASE015.VDF : 7.10.1.178 195584 Bytes 12/7/2009 03:40:39
VBASE016.VDF : 7.10.1.224 183296 Bytes 12/14/2009 03:40:40
VBASE017.VDF : 7.10.1.247 182272 Bytes 12/15/2009 03:40:40
VBASE018.VDF : 7.10.2.30 198144 Bytes 12/21/2009 03:40:41
VBASE019.VDF : 7.10.2.63 187392 Bytes 12/24/2009 03:40:41
VBASE020.VDF : 7.10.2.93 195072 Bytes 12/29/2009 03:40:42
VBASE021.VDF : 7.10.2.131 201216 Bytes 1/7/2010 03:40:42
VBASE022.VDF : 7.10.2.158 192000 Bytes 1/11/2010 03:40:43
VBASE023.VDF : 7.10.2.186 200704 Bytes 1/14/2010 03:40:43
VBASE024.VDF : 7.10.2.187 2048 Bytes 1/14/2010 03:40:43
VBASE025.VDF : 7.10.2.188 2048 Bytes 1/14/2010 03:40:43
VBASE026.VDF : 7.10.2.189 2048 Bytes 1/14/2010 03:40:43
VBASE027.VDF : 7.10.2.190 2048 Bytes 1/14/2010 03:40:44
VBASE028.VDF : 7.10.2.191 2048 Bytes 1/14/2010 03:40:44
VBASE029.VDF : 7.10.2.192 2048 Bytes 1/14/2010 03:40:44
VBASE030.VDF : 7.10.2.193 2048 Bytes 1/14/2010 03:40:44
VBASE031.VDF : 7.10.2.202 201728 Bytes 1/15/2010 03:39:35
Engineversion : 8.2.1.142
AEVDF.DLL : 8.1.1.2 106867 Bytes 11/8/2009 13:38:52
AESCRIPT.DLL : 8.1.3.7 594296 Bytes 1/15/2010 03:40:47
AESCN.DLL : 8.1.3.1 127348 Bytes 1/15/2010 03:40:47
AESBX.DLL : 8.1.1.1 246132 Bytes 11/8/2009 13:38:44
AERDL.DLL : 8.1.3.4 479605 Bytes 1/15/2010 03:40:47
AEPACK.DLL : 8.2.0.5 422262 Bytes 1/15/2010 03:40:46
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 11/8/2009 13:38:38
AEHEUR.DLL : 8.1.0.195 2232695 Bytes 1/15/2010 03:40:46
AEHELP.DLL : 8.1.10.0 237942 Bytes 1/15/2010 03:40:45
AEGEN.DLL : 8.1.1.83 369014 Bytes 1/15/2010 03:40:45
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/8/2009 13:38:26
AECORE.DLL : 8.1.9.5 184693 Bytes 1/15/2010 03:40:45
AEBB.DLL : 8.1.0.3 53618 Bytes 11/8/2009 13:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 14:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 21:14:02
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 20:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 16:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 21:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 16:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 21:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 14:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 16:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 21:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 18:25:47

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: Friday, January 15, 2010 23:01

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vwbhm\type
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vwbhm\start
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vwbhm\errorcontrol
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vwbhm\group
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vwbhm\hkhdbsbf
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vwbhm\bld2j4b
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vwbhm\xk6v8oh
[INFO] The registry entry is invisible.
'29108' objects were checked, '7' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'taskmgr.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sprtsvc.exe' - '1' Module(s) have been scanned
Scan process 'NicConfigSvc.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'bmwebcfg.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ACService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'BCMWLTRY.EXE' - '1' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '1' Module(s) have been scanned
Scan process 'GtDetectSc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '78' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\657881fe0b65dc367abfcb0f6ae8\vc_red.cab
[0] Archive type: CAB (Microsoft)
--> mfc90chs.dll.30729.01.Microsoft_VC90_MFCLOC_x86.SP
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Program Files\DIGStream\digstream.exe
[DETECTION] Contains recognition pattern of the SPR/Dldr.DigStream program
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP626\A0151339.dll
[DETECTION] Is the TR/Agent.35328 Trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP626\A0154400.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP626\A0154410.dll
[DETECTION] Is the TR/Agent.35328 Trojan
C:\WINDOWS\system32\drivers\vwbhm.sys
[DETECTION] Contains recognition pattern of the RKIT/Kryptic.763904 root kit
[WARNING] The file could not be opened!

Beginning disinfection:
C:\Program Files\DIGStream\digstream.exe
[DETECTION] Contains recognition pattern of the SPR/Dldr.DigStream program
[NOTE] The file was moved to '4bb8d204.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP626\A0151339.dll
[DETECTION] Is the TR/Agent.35328 Trojan
[NOTE] The file was moved to '4b82d1cb.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP626\A0154400.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4873011c.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP626\A0154410.dll
[DETECTION] Is the TR/Agent.35328 Trojan
[NOTE] The file was moved to '486f80cc.qua'!
C:\WINDOWS\system32\drivers\vwbhm.sys
[DETECTION] Contains recognition pattern of the RKIT/Kryptic.763904 root kit
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4bb3d212.qua'!


End of the scan: Saturday, January 16, 2010 08:47
Used time: 53:25 Minute(s)

The scan has been done completely.

12810 Scanned directories
434051 Files were scanned
5 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
5 Files were moved to quarantine
0 Files were renamed
3 Files cannot be scanned
434043 Files not concerned
4667 Archives were scanned
5 Warnings
7 Notes
29108 Objects were scanned with rootkit scan
7 Hidden objects were found

Clean MBAM log:

Malwarebytes' Anti-Malware 1.44
Database version: 3606
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/20/2010 6:49:13 PM
mbam-log-2010-01-20 (18-49-13).txt

Scan type: Quick Scan
Objects scanned: 131838
Time elapsed: 6 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#2
Bill2179

Any help would be appreciated.