
Currently I'm using another computer to post here and running all newly downloaded programs via a USB flash drive on the problem child. This is because anytime I get online I get alerts from McAfee constantly about 'New Malware.j' and the Temporary folder gets slammed with new folders. There are new *.tmp folders/files added if I'm not online, too. (However, this happens a lot more when online, and the names do change for every new *.tmp folder/file.) McAfee did quarantine the 'zaqbutwx.sys' driver, 'w32/Rustock.gen.c', right before the really troublesome one started on 2-16 around 8:37 am, and I can see where the name has been changed in the registry. (I guess that is how they quarantined it?) I have made a document of all McAfee has found since, when, what was open and what I had been doing when this started. I know exactly what had been downloaded and what web pages I had just copied and pasted into 'MS Word' documents. I have run Malwarebytes (quick and full) and Spybot S&D and they came up clean.
I have had instances where IE-7 would crash and go poof, too (I'm trying to laugh), sometimes making the computer re-boot due to an error. I have seen info in some logs that sometimes it was related to 'Flash.ocx'. So I'll let y'all tell me what you think after some major house cleaning. :-)
Another one mentioned in my 'Topic Title' is 'Patched-SYSFile.a' (C:\WINDOWS\system32\drivers\atapi.sys); this one seems to happen every 4-7 days or so. I've been trying to find information on that one by myself, as I know y'all stay pretty busy. For some reason I feel this might have started back when I installed a new Seagate EHD a few months ago. It seems at that time the 'icon' that had been used for my 'C:' drive changed, too. And my 'C:' drive quit being seen in 'Computer Management.' Of course, I could be wrong there.
'GMER' is doomed. I've attempted to run it 5 times now with my computer just shutting down or giving me a BSOD and I've typed out the exact messages for both BSODs on a 'notepad'. I lost the first post I had completed when I selected to post it. (grrr!) I am going to attach the notepad (hope that is ok!) and it will also have the McAfee findings since this started with details. McAfee found 4 or 5 different things once this started.
Thank you in advance for your time and help! :-)
DDS (Ver_09-12-01.01) - NTFSx86
Run by ******** ******* at 17:05:24.09 on Wed 02/24/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.261 [GMT -5:00]
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
E:\Bleeping Computer\dds.scr
============== Pseudo HJT Report ===============
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.comcast.net/
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:\program files\yahoo!\common\YIeTagBm.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRunOnce: [DelayShred] "c:\program files\mcafee.com\shredder\shred32.exe" /q c:\windows\temp\mc9010~1.sh! c:\windows\temp\mc1593~1.sh! c:\docume~1\kathle~1\locals~1\temp\mpc9f.sh! c:\docume~1\kathle~1\locals~1\temp\~df3ada.sh! c:\docume~1\kathle~1\locals~1\temp\~df3acd.sh! c:\windows\temp\pea8d4~1.sh! c:\docume~1\networ~1\locals~1\tempor~1\content.ie5\i86902np.sh! c:\docume~1\networ~1\locals~1\tempor~1\content.ie5\dakzw2nq.sh! c:\docume~1\networ~1\locals~1\tempor~1\content.ie5\hqko6ep9.sh! c:\docume~1\kathle~1\locals~1\temp\mc5fae~1.sh! c:\docume~1\kathle~1\locals~1\temp\mc5136~1.sh! c:\docume~1\kathle~1\locals~1\temp\mcmsc_~4.sh! c:\docume~1\kathle~1\locals~1\temp\mcmsc_~3.sh! c:\docume~1\networ~1\locals~1\tempor~1\content.ie5\index.sh! c:\docume~1\billsw~1\locals~1\tempor~1\content.ie5\index.sh! c:\docume~1\networ~1\cookies\index.sh! c:\docume~1\networ~1\locals~1\history\history.ie5\index.sh! c:\docume~1\kathle~1\locals~1\history.sh! c:\docume~1\kathle~1\cookies\index.sh! c:\docume~1\kathle~1\locals~1\history\history.ie5\index.sh! c:\docume~1\kathle~1\locals~1\applic~1\micros~1\windows\usrclass.sh! c:\docume~1\networ~1\locals~1\tempor~1\content.ie5\rrv6e8y6.sh! c:\docume~1\networ~1\locals~1\tempor~1\content.ie5\w5bhvofx.sh! c:\docume~1\networ~1\locals~1\tempor~1\content.ie5\rrv6e8y6\search~1.sh! c:\docume~1\networ~1\locals~1\tempor~1\content.ie5\w5bhvofx\huufca~1.sh! c:\docume~1\networ~1\locals~1\tempor~1\content.ie5\w5bhvofx\j7huca~1.sh! c:\docume~1\networ~1\locals~1\tempor~1\content.ie5\w5bhvofx\ind474~1.sh! c:\docume~1\networ~1\locals~1\tempor~1\content.ie5\w5bhvofx\ind074~1.sh! c:\docume~1\networ~1\locals~1\tempor~1\content.ie5\w5bhvofx\indc64~1.sh! c:\docume~1\locals~1\locals~1\tempor~1\content.ie5\index.sh! c:\docume~1\locals~1\locals~1\history.sh! c:\docume~1\locals~1\locals~1\tempor~1.sh! c:\docume~1\locals~1\locals~1\history\history.ie5\index.sh! c:\docume~1\kathle~1\locals~1\tempor~1.sh! c:\windows\temp\mc319d~1.sh! c:\windows\temp\peb1a7~1.sh! 
c:\windows\temp\mc8992~1.sh! c:\windows\temp\mc5f90~1.sh! c:\windows\temp\MC7FA4~1.SH!
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [CTSysVol] c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [SetIcon] \Program Files\WDC\SetIcon.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &Download by Orbit
IE: &Grab video by Orbit
IE: &Yahoo! Search
IE: Do&wnload selected by Orbit
IE: Down&load all by Orbit
IE: E&xport to Microsoft Excel
IE: Yahoo! &Dictionary
IE: Yahoo! &Maps
IE: Yahoo! &SMS
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448}
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1260307005781
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108575655843
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134741178453
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} - hxxp://hoylegames.igl.net/cab/WONWebLauncherControl.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5824/mcfscan.cab
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-28 64160]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-6-10 214664]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-6-10 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-6-10 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-6-10 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-6-10 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-6-10 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-6-10 40552]
S2 zswqjaf;zswqjaf;\??\c:\windows\system32\drivers\zaqbutwx.sys --> c:\windows\system32\drivers\zaqbutwx.sys [?]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-6-23 42376]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-6-23 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-6-23 81288]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1028432]
S3 mbr;mbr;\??\c:\docume~1\kathle~1\locals~1\temp\mbr.sys --> c:\docume~1\kathle~1\locals~1\temp\mbr.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-6-10 34248]
S4 sdAuxService;PC Tools Auxiliary Service;f:\program files\spyware doctor\pctsauxs.exe --> f:\program files\spyware doctor\pctsAuxs.exe [?]
S4 sdCoreService;PC Tools Security Service;f:\program files\spyware doctor\pctssvc.exe --> f:\program files\spyware doctor\pctsSvc.exe [?]
=============== Created Last 30 ================
2010-02-24 21:59:20 0 ----a-w- c:\documents and settings\kathleen swinney\defogger_reenable
2010-02-21 18:44:57 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-02-21 18:43:56 397502 ----a-w- c:\windows\system32\dllcache\vpctcom.sys
2010-02-21 18:42:54 94720 ----a-w- c:\windows\system32\dllcache\umaxud32.dll
2010-02-21 18:41:59 440576 ----a-w- c:\windows\system32\dllcache\tridkb.dll
2010-02-21 18:40:56 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
2010-02-21 18:39:57 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2010-02-21 18:38:58 35913 ----a-w- c:\windows\system32\dllcache\smcirda.sys
2010-02-21 18:37:58 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2010-02-21 18:36:57 23936 ----a-w- c:\windows\system32\dllcache\sccmn50m.sys
2010-02-21 18:35:57 19017 ----a-w- c:\windows\system32\dllcache\rtl8029.sys
2010-02-21 18:34:59 112574 ----a-w- c:\windows\system32\dllcache\ptserlp.sys
2010-02-21 18:33:58 86016 ----a-w- c:\windows\system32\dllcache\pctspk.exe
2010-02-21 18:32:58 43689 ----a-w- c:\windows\system32\dllcache\otceth5.sys
2010-02-21 18:31:58 15872 ----a-w- c:\windows\system32\dllcache\ne2000.sys
2010-02-21 18:30:53 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-02-21 18:29:56 7424 ----a-w- c:\windows\system32\dllcache\mammoth.sys
2010-02-21 18:28:58 48640 ----a-w- c:\windows\system32\dllcache\kdsui.dll
2010-02-21 18:27:57 20480 ----a-w- c:\windows\system32\dllcache\icam5ext.dll
2010-02-21 18:26:58 488383 ----a-w- c:\windows\system32\dllcache\hsf_v124.sys
2010-02-21 18:25:58 93696 ----a-w- c:\windows\system32\dllcache\hpgt42.dll
2010-02-21 18:24:49 92160 ----a-w- c:\windows\system32\dllcache\fuusd.dll
2010-02-21 18:23:58 57856 ----a-w- c:\windows\system32\dllcache\esuimgd.dll
2010-02-21 18:22:59 69194 ----a-w- c:\windows\system32\dllcache\el656cd5.sys
2010-02-21 18:21:59 131156 ----a-w- c:\windows\system32\dllcache\digidbp.dll
2010-02-21 18:20:57 39936 ----a-w- c:\windows\system32\dllcache\cnxt1803.sys
2010-02-21 18:19:59 66082 ----a-w- c:\windows\system32\dllcache\c_20833.nls
2010-02-21 18:18:59 87552 ----a-w- c:\windows\system32\dllcache\avmcoxp.dll
2010-02-21 18:17:59 84480 ----a-w- c:\windows\system32\dllcache\ac97via.sys
2010-02-21 18:17:58 96256 ----a-w- c:\windows\system32\dllcache\ac97intc.sys
2010-02-21 18:17:58 297728 ----a-w- c:\windows\system32\dllcache\ac97sis.sys
2010-02-21 18:17:57 231552 ----a-w- c:\windows\system32\dllcache\ac97ali.sys
2010-02-21 18:17:56 462848 ----a-w- c:\windows\system32\dllcache\a3dapi.dll
2010-02-21 18:17:55 48128 ----a-w- c:\windows\system32\dllcache\61883.sys
2010-02-21 18:17:55 38400 ----a-w- c:\windows\system32\dllcache\8514a.dll
2010-02-21 18:17:54 148352 ----a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2010-02-21 18:17:54 12288 ----a-w- c:\windows\system32\dllcache\4mmdat.sys
2010-02-21 18:17:53 689216 ----a-w- c:\windows\system32\dllcache\3dfxvs.dll
2010-02-21 18:17:52 762780 ----a-w- c:\windows\system32\dllcache\3cwmcru.sys
2010-02-21 18:17:51 53376 ----a-w- c:\windows\system32\dllcache\1394bus.sys
2010-02-21 18:17:51 11264 ----a-w- c:\windows\system32\dllcache\1394vdbg.sys
2010-02-21 18:16:48 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-02-17 18:22:29 3566 ----a-w- c:\windows\system32\iecavp
2010-02-17 18:22:27 43008 ----a-w- c:\windows\system32\akquyl.dll
2010-02-16 03:55:42 54156 ---ha-w- c:\windows\QTFont.qfn
2010-02-16 03:55:42 1409 ----a-w- c:\windows\QTFont.for
2010-02-13 18:15:26 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-02-13 11:51:59 2284 ----a-w- C:\autorun.PNF
2010-02-10 12:03:44 2066048 ----a-w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-10 12:03:43 2189184 ----a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-10 12:03:43 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 12:03:43 2145280 ----a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-10 12:03:43 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 12:03:43 2023936 ----a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-06 00:40:59 0 d-sh--r- C:\cmdcons
2010-02-06 00:40:56 0 d-----w- c:\windows\setup.pss
2010-02-06 00:40:39 0 d-----w- c:\windows\setupupd
2010-02-05 16:37:48 0 d-----w- c:\program files\WildTangent
2010-01-28 10:28:02 0 d-----w- c:\docume~1\kathle~1\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-01-27 12:20:25 0 d-----w- c:\windows\system32\Adobe
==================== Find3M ====================
2010-02-24 21:52:19 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-24 21:52:19 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2010-02-18 18:00:49 100720 ----a-w- c:\docume~1\kathle~1\applic~1\GDIPFONTCACHEV1.DAT
2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\dllcache\srv.sys
2009-12-31 15:33:06 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-18 13:05:43 634648 --s-a-w- c:\windows\system32\dllcache\iexplore.exe
2009-12-18 13:04:09 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2009-12-17 22:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 09:23:28 474112 ----a-w- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 18:22:22 455424 ----a-w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\dllcache\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\dllcache\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\dllcache\avifil32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\dllcache\msrle32.dll
2009-09-16 09:31:53 16544 ----a-w- c:\program files\common files\iqikocobum.dat
2007-03-25 16:58:40 82090337 ----a-w- c:\program files\rn73dlx_16lang.exe
2007-03-25 16:21:40 270 ----a-w- c:\program files\Read Me First!!!.txt
2007-03-25 16:21:38 1312845 ----a-w- c:\program files\PatchGdiPlus.EXE
2005-10-14 04:55:43 774144 -c--a-w- c:\program files\RngInterstitial.dll
2009-06-09 15:46:05 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009060920090610\index.dat
============= FINISH: 17:06:36.14 ===============
Thanks again,
Kat :-)